Hi All,
I really do try to read the forums in full before I post, but I have seen much
out there on this, but just cant find out why this is happening.
Please see below.
The only think I dont have is "sim_files" entry in the sites-enabled/default, as
I assume this is now covered in the radiusd.conf file.
Also, in the simtriplets files at the bottom, I have tried the entries with a 1
at the beiging of the IMSI, and without and with the word SIM there also.
On packet captures over the air, I get
P1 - eap identity request
P2 - eap identity response
P3 - eap-failure
So I beleive the radius server is not sending an eap-start <module> and is my
configuration issue.
Could anyone be so kind to help me please?
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.53.1.200 port 45261, id=5,
length=257
User-Name = "1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org"
NAS-IP-Address = 192.168.21.1
Called-Station-Id = "5C-D9-98-BF-C0-9E:tt"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Calling-Station-Id = "5C-F8-A1-8B-35-BA"
Connect-Info = "CONNECT 54Mbps 802.11g"
Acct-Session-Id = "524016AE-00000005"
Framed-MTU = 1400
EAP-Message =
0x02ba0038013132333431353931343334363530383440776c616e2e6d6e633031352e6d63633233342e336770706e6574776f726b2e6f7267
Message-Authenticator = 0x25cd862fe8110e13ab54321c37032d00
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "wlan.mnc015.mcc234.3gppnetwork.org" for User-Name =
"1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org"
[suffix] No such realm "wlan.mnc015.mcc234.3gppnetwork.org"
++[suffix] returns noop
[eap] EAP packet type response id 186 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
================================================================
[eap] processing type sim
can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
================================================================
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} ->
1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 5 to 10.53.1.200 port 45261
EAP-Message = 0x04ba0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 0 ID 5 with timestamp +8
Ready to process requests.
rad_recv: Access-Request packet from host 10.53.1.200 port 45261, id=6,
length=257
User-Name = "1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org"
NAS-IP-Address = 192.168.21.1
Called-Station-Id = "5C-D9-98-BF-C0-9E:tt"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Calling-Station-Id = "5C-F8-A1-8B-35-BA"
Connect-Info = "CONNECT 54Mbps 802.11g"
Acct-Session-Id = "524016AE-00000006"
Framed-MTU = 1400
EAP-Message =
0x02f20038013132333431353931343334363530383440776c616e2e6d6e633031352e6d63633233342e336770706e6574776f726b2e6f7267
Message-Authenticator = 0xac6eea11e5915f4e4e5bbc06a7ed3e72
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "wlan.mnc015.mcc234.3gppnetwork.org" for User-Name =
"1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org"
[suffix] No such realm "wlan.mnc015.mcc234.3gppnetwork.org"
++[suffix] returns noop
[eap] EAP packet type response id 242 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
can not initiate sim, no RAND1 attribute
[eap] Default EAP type sim failed in initiate
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} ->
1234159143465...@wlan.mnc015.mcc234.3gppnetwork.org
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 6 to 10.53.1.200 port 45261
EAP-Message = 0x04f20004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 1 ID 6 with timestamp +20
Ready to process requests.
^C
root@bt:/usr/local/etc/raddb# more simtriplets.dat
#IMSI RAND SRES Kc
SIM,1234159143465084,A0C88079662D465cA02777F9A9CEAEC7,6C395da1,F0dacca9391dcf1b
SIM,1234159143465084,4BB4C256A0774a408FD55659713827BA,68623684,20fa6eaa8F1cefa1
SIM,1234159143465084,36FD7F72064B4edaB48CDF26CB7DC630,90af525c,3B7a3d5b7Bac2ed2
SIM,1234159143465084,DD9B118ACF17444f82DA268FA39687AC,D110c907,7Cd8c9ca1Af0dc27
SIM,1234159143465084,80F0D38CD406486f9F725CBC36FABBB1,EC775db7,A756b22b0B143f0f
root@bt:/usr/local/etc/raddb#
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
