EAP-SIM authentication failed

2012-11-06 Thread Yann R. Moupinda

Hi guys,

for my thesis I need to realize an EAP-SIM authentication testbed. I'm using a 
Nokia E52 with EAP-SIM, a MIKROTIK router as access point and FreeRADIUS 2.1.10 
as RADIUS server. I have added the necessary commands in the clients.conf, 
radiusd.conf, eap.conf and default files in order to enable EAP-SIM 
authentication on FreeRADIUS, and I've created a flat file 'simtriplets.dat' 
that is used by RADIUS during the authentication process.
When trying to access the WLAN with the mobile phone (Nokia E52), I got the 
message that the authentication was unsuccessful. But looking at the RADIUS 
debug file, I cannot recognize any failure or messages like 'Access-Reject'. 
The debug file shows that RADIUS got two 'Access-Request' packets from the 
MIKROTIK router and it also sent two 'Access-Challenge' packets back to the 
router. It seems RADIUS is waiting for the next requests and then the 
authentication process just ends.
So my questions are:

- How many request packets are needed to complete the EAP-SIM authentication?
- What should I configure to get more than 2 Access-Request?

Here is the content of my debug file:

.
.
.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 38803, id=29, 
length=238
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017653"
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "822e"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 0x020100150131393031373030303030303030363533
Message-Authenticator = 0xcf4e5f6429686cc260b16bd23d82489f
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "19017653", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 108
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.10.212 port 38803
EAP-Message = 0x016c0014120a0f020002000111010100
Message-Authenticator = 0x
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 50478, id=30, 
length=287
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017653"
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "822e"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 
0x026c0034120a0705c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533
Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "19017653", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 108 length 52
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/defau

Re: EAP-SIM authentication failed

2012-11-06 Thread Phil Mayers

On 06/11/12 10:55, Yann R. Moupinda wrote:

> Hi guys,
>
> for my thesis I need to realize an EAP-SIM Authentication testbed. I'm
> using a Nokia E52 with EAP-SIM, a MIKROTIK router as access point and
> FreeRADIUS 2.1.10 as Radius server. I have added the necessary commands

Upgrade. Some fixes for EAP-SIM went into more recent versions.

> Access-Request' packets from MIKROTIK router and it also sent two
> 'Access-Challenge' packets back to the router. It seems the radius is
> waiting for next requests and then the authentication process just ends up.

Yes. The client stops responding, so you need to ask the client what the 
problem is - but the EAP-SIM fixes might be the cause.

> so my questions are:
>
> -how many request packets are needed to complete the eap-sim authentication?

3, I think.

> -what should I configure to get more than 2 Access-Request

You don't. The client is stopping because it thinks something is wrong. 
Upgrade to 2.2.0 and try again - if the same thing happens, you need to 
debug on the client.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
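
Added example, not part of the thread and not FreeRADIUS code: a Python decoder for the EAP-SIM payloads in the first debug log, following the RFC 4186 packet layout. The archived hex for the Access-Challenge and the reply is four bytes shorter than each packet's own EAP Length field, so the `WIRE_*` samples are constructed by writing out the two-byte zero reserved and padding fields the format requires; all function and constant names are hypothetical.

```python
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
SIM_SUBTYPES = {10: "Start", 11: "Challenge", 12: "Notification",
                13: "Re-authentication", 14: "Client-Error"}
SIM_ATTRS = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC", 14: "AT_IDENTITY",
             15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION",
             17: "AT_FULLAUTH_ID_REQ", 22: "AT_CLIENT_ERROR_CODE"}

# Verbatim from the first debug log on this page (Access-Challenge, then reply).
PAGE_CHALLENGE = "0x016c0014120a0f020002000111010100"
PAGE_RESPONSE = ("0x026c0034120a0705c27cfb1cfa7a257c9c89796e49bca230"
                 "100100010e05001031393031373030303030303030363533")
# Constructed: the same bytes with the zero reserved/padding words written
# out, so the byte count equals the EAP Length field (20 and 52).
WIRE_CHALLENGE = "016c0014120a0000" "0f02000200010000" "11010100"
WIRE_RESPONSE = ("026c0034120a0000" "07050000c27cfb1cfa7a257c9c89796e49bca230"
                 "10010001" "0e05001031393031373030303030303030363533")

def to_bytes(hexstr):
    return bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)

def u16(data):
    return int.from_bytes(data[:2], "big")

def length_gap(hexstr):
    """Declared EAP Length minus bytes present; 0 means the dump is complete."""
    raw = to_bytes(hexstr)
    return u16(raw[2:4]) - len(raw)

def decode_value(atype, body):
    """Decode an attribute body (everything after the type and length bytes)."""
    if atype == 15:                    # actual list length, then 16-bit versions
        return [u16(body[i:i + 2]) for i in range(2, 2 + u16(body), 2)]
    if atype == 16:                    # selected version
        return u16(body)
    if atype == 14:                    # actual identity length, identity, padding
        return body[2:2 + u16(body)].decode("ascii", "replace")
    if atype in (1, 7, 11):            # 2 reserved bytes, then RAND / nonce / MAC
        return body[2:].hex()
    return body.hex()

def parse_eap_sim(hexstr):
    """Strictly parse one EAP packet; raise ValueError on any length mismatch."""
    raw = to_bytes(hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than an EAP header")
    code, ident, length = raw[0], raw[1], u16(raw[2:4])
    if length != len(raw):
        raise ValueError("EAP Length is %d but %d bytes given" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "attrs": []}
    if code not in (1, 2) or length < 5:
        return pkt                     # Success/Failure carry no type field
    if raw[4] != 18:                   # not EAP-SIM, e.g. Identity (type 1)
        pkt["data"] = raw[5:]
        return pkt
    if length < 8:
        raise ValueError("truncated EAP-SIM header")
    pkt["subtype"] = SIM_SUBTYPES.get(raw[5], raw[5])
    pos = 8                            # code, id, length, type, subtype, 2 reserved
    while pos < length:
        if length - pos < 4:
            raise ValueError("trailing bytes at offset %d" % pos)
        atype, alen = raw[pos], raw[pos + 1] * 4   # length counts 4-byte words
        if alen == 0 or pos + alen > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        pkt["attrs"].append((SIM_ATTRS.get(atype, atype),
                             decode_value(atype, raw[pos + 2:pos + alen])))
        pos += alen
    return pkt

if __name__ == "__main__":
    print("bytes missing from archived dumps:",
          length_gap(PAGE_CHALLENGE), length_gap(PAGE_RESPONSE))
    for sample in (WIRE_CHALLENGE, WIRE_RESPONSE):
        print(parse_eap_sim(sample))
```

AT_MAC is computed over the whole EAP packet, so a dump that is missing bytes cannot be used as-is to recompute the MAC discussed later in the thread.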


Re: EAP-SIM authentication failed

2012-11-06 Thread Francois Gaudreault
Hi,

> 
>> -what should I configure to get more than 2 Access-Request
> 
> You don't. The client is stopping because it thinks something is wrong. 
> Upgrade to 2.2.0 and try again - if the same thing happens, you need to debug 
> on the client.
You need to also add a patch that has been committed in the 2.1.x branch (I 
think) post release regarding EAP-SIM.  Without it, it will not work.



Re: EAP-SIM authentication failed

2012-11-06 Thread Phil Mayers

On 06/11/12 13:34, Francois Gaudreault wrote:

> Hi,
>
>>> -what should I configure to get more than 2 Access-Request
>>
>> You don't. The client is stopping because it thinks something is wrong. Upgrade 
>> to 2.2.0 and try again - if the same thing happens, you need to debug on the 
>> client.
>
> You need to also add a patch that has been committed in the 2.1.x branch (I 
> think) post release regarding EAP-SIM.  Without it, it will not work.


Was that after 2.2.0 was released?


Re: EAP-SIM authentication failed

2012-11-06 Thread Alan DeKok
Phil Mayers wrote:
> Was that after 2.2.0 was released?

  No, before.

  Alan DeKok.


Re: EAP-SIM authentication failed

2012-11-07 Thread Francois Gaudreault
Didn't you make another fix afterward regarding AT_IDENTITY (commit 
cfd61d24b99022eb613054bbf7e0da4fa3af1bde)? Not the patch from Microsoft.

I know I have to patch the 2.2.0 source in our RPMs with this commit otherwise 
it fails ;)

On 2012-11-06, at 10:15 AM, Alan DeKok wrote:

> Phil Mayers wrote:
>> Was that after 2.2.0 was released?
> 
>  No, before.
> 
>  Alan DeKok.


RE: EAP-SIM authentication failed

2012-11-07 Thread Yann R. Moupinda

Hi guys,

Thanks for your help.

After reading your suggestions, I installed a new version of FreeRADIUS 
(FreeRADIUS 2.2.1).

I haven't worked with the patch yet (I'm going to do that later) but, just 
to show what I got with the new version 2.2.1 and changing the content of the 
simtriplets.dat

Case 1: simtriplets.dat looks like the following (imsi,rand,sres,kc) (3 different 
rand...)

19017653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000
19017653,0123456789abcdef0123456789abcde0,725bb218,25903c082654b400
19017653,0123456789abcdef0123456789abcd18,ed404256,bc871da6ae8edc00
19017653,0123456789abcdef0123456789abcd88,6695bd6e,58788a55e9052000

I got the same failure as before: after sending the 2nd Access-Challenge, the 
server is waiting for the 3rd Access-Request and doesn't get anything --> 
authentication failed

.
.
.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 38803, id=29, 
length=238
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017653"
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "822e"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 0x020100150131393031373030303030303030363533
Message-Authenticator = 0xcf4e5f6429686cc260b16bd23d82489f
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "19017653", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 108
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.10.212 port 38803
EAP-Message = 0x016c0014120a0f020002000111010100
Message-Authenticator = 0x
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 50478, id=30, 
length=287
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017653"
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "822e"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 
0x026c0034120a0705c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533
Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "19017653", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 108 length 52
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017653"
State = 0x870e2a6987623891aa6e4

Re: EAP-SIM authentication failed

2012-11-07 Thread Iliya Peregoudov
I have the same problem with a Nokia E51 handset. EAP-SIM authentication 
is interrupted by the Nokia supplicant. Unfortunately there is no useful 
diagnostic on the handset.

On the other hand, EAP-SIM authentication succeeds when I use wpa_supplicant 
on Windows using a smart card reader with the same SIM card I've used with 
the Nokia handset. Unfortunately I have neither an iPhone nor a Windows-based 
handset to test EAP-SIM against.

Yann R. Moupinda wrote:
> i got the same failure than before: after sending the 2nd access 
> challenge, the server is waiting for the 3rd access request and doesn't 
> get anything --> authentication failed




RE: EAP-SIM authentication failed

2012-11-08 Thread Yann R. Moupinda

Hi guys,

I'm still looking for a solution for the EAP-SIM authentication. Now I use 
FreeRADIUS 3.0.0 and I made some changes in 'eapsimlib.c' regarding 
AT_IDENTITY (commit cfd61d24b99022eb613054bbf7e0da4fa3af1bde). I still have the 
same problem: the client is able to send two Access-Requests but unable to send 
the third Access-Request to close the authentication.
I use a Nokia E52 as supplicant. Did anybody realize the test successfully with 
another mobile phone (except Android phones)?
Does anyone know how I can debug the mobile phone?
Any helpful ideas?

Here is my debug output:


radiusd: FreeRADIUS Version 3.0.0 (git #d3c7336), for host i586-pc-linux-gnu, 
built on Nov  7 2012 at 14:54:31
.
.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 48077, id=19, 
length=308
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017...@wlan.mnc070.mcc901.3gppnetwork.org"
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "8253"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 
0x02010038013139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267
Message-Authenticator = 0x429b263e5293fadbae0a13f28dad2775
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
(0) # Executing section authorize from file 
/usr/local/etc/raddb/sites-enabled/default
(0)   group authorize {
(0)  - entering group authorize {...}
(0)   [preprocess] = ok
(0)   [chap] = noop
(0) auth_log : expand: %{Packet-Src-IP-Address} -> 192.168.10.212
(0) auth_log : expand: 
/var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
 -> /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(0) auth_log : 
/var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
 expands to /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(0) auth_log : expand: %t -> Thu Nov  8 14:20:05 2012
(0)   [auth_log] = ok
(0)   [mschap] = noop
(0)   [digest] = noop
(0) suffix : Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for 
User-Name = "19017...@wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Found realm "~.*.3gppnetwork.org$"
(0) suffix : Adding Stripped-User-Name = "19017653"
(0) suffix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Authentication realm is LOCAL.
(0)   [suffix] = ok
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
(0)   [sim_files] = ok
(0) eap : EAP packet type response id 1 length 56
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest 
of authorize
(0)   [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authenticate {
(0)  - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type sim
(0) eap : Underlying EAP-Type set EAP ID to 133
(0)   [eap] = handled
Sending Access-Challenge of id 19 to 192.168.10.212 port 48077
EAP-Message = 0x01850014120a0f020002000111010100
Message-Authenticator = 0x
State = 0x077b668807fe746db0e5f555c7ca40d2
(0) Finished request 0.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 41383, id=20, 
length=358
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017...@wlan.mnc070.mcc901.3gppnetwork.org"
State = 0x077b668807fe746db0e5f555c7ca40d2
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "8253"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 
0x02850058120a0705be65a474dc99300354fdd97e5176bbc5100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x07c87b76cd6232ca08dc4529913d5cac
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
(1) # Executing section authorize from file 
/usr/local/etc/raddb/sites-enabled/default
(1)   group authorize {
(1)  - entering group authorize {...}
(1)   [preprocess] = ok
(1)   [chap] = noop
(1) auth_log : expand: %{Packet-Src-IP-Address} -> 192.168.10.212
(1) auth_log : expand: 

RE: EAP-SIM authentication failed

2012-11-15 Thread Yann R. Moupinda

Hi guys,

I'm still trying to authenticate an EAP-SIM client with 
FreeRADIUS 3.0.0. Using the Nokia E51 and E52, the EAP-SIM 
authentication process just stops after RADIUS has sent the 
"EAP-REQUEST, SIM-CHALLENGE" (containing AT_RAND and AT_MAC) message (see 
log info).
I made some changes in "eapsimlib.c" regarding the AT_IDENTITY by 
using the patch 'commit cfd61d24b99022eb613054bbf7e0da4fa3af1bde' but the 
result didn't change.

I decided to change the client. I downloaded and installed 
Xsupplicant 2.2.3.553 on my Windows XP. This is software that can be 
used as an EAP-SIM client. I didn't change anything on the server side. 
This time Xsupplicant replies with an "EAP-RESPONSE, SIM-CHALLENGE" 
(containing AT_MAC) after receiving the "EAP-REQUEST, SIM-CHALLENGE" 
(containing AT_RAND and AT_MAC). The FreeRADIUS server receives the 
"EAP-RESPONSE, SIM-CHALLENGE" (containing AT_MAC), says that the received 
MAC doesn't match and breaks the authentication process with an "access 
reject".


Here are the log messages with Nokia:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 48077, id=19, 
length=308
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017...@wlan.mnc070.mcc901.3gppnetwork.org"
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "8253"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 
0x02010038013139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f7267
Message-Authenticator = 0x429b263e5293fadbae0a13f28dad2775
NAS-Identifier = "MT_Yann"
NAS-IP-Address = 192.168.10.212
(0) # Executing section authorize from file 
/usr/local/etc/raddb/sites-enabled/default
(0)   group authorize {
(0)  - entering group authorize {...}
(0)   [preprocess] = ok
(0)   [chap] = noop
(0) auth_log : expand: %{Packet-Src-IP-Address} -> 192.168.10.212
(0) auth_log : expand: 
/var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
 -> /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(0) auth_log : 
/var/log/radiusd/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d
 expands to /var/log/radiusd/radacct/192.168.10.212/auth-detail-20121108
(0) auth_log : expand: %t -> Thu Nov  8 14:20:05 2012
(0)   [auth_log] = ok
(0)   [mschap] = noop
(0)   [digest] = noop
(0) suffix : Looking up realm "wlan.mnc070.mcc901.3gppnetwork.org" for 
User-Name = "19017...@wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Found realm "~.*.3gppnetwork.org$"
(0) suffix : Adding Stripped-User-Name = "19017653"
(0) suffix : Adding Realm = "wlan.mnc070.mcc901.3gppnetwork.org"
(0) suffix : Authentication realm is LOCAL.
(0)   [suffix] = ok
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
(0)   [sim_files] = ok
(0) eap : EAP packet type response id 1 length 56
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest 
of authorize
(0)   [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authenticate {
(0)  - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type sim
(0) eap : Underlying EAP-Type set EAP ID to 133
(0)   [eap] = handled
Sending Access-Challenge of id 19 to 192.168.10.212 port 48077
EAP-Message = 0x01850014120a0f020002000111010100
Message-Authenticator = 0x
State = 0x077b668807fe746db0e5f555c7ca40d2
(0) Finished request 0.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 41383, id=20, 
length=358
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "19017...@wlan.mnc070.mcc901.3gppnetwork.org"
State = 0x077b668807fe746db0e5f555c7ca40d2
NAS-Port-Id = "ap_hotspot"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "8253"
Acct-Multi-Session-Id = 
"00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-50-00-00-00-00-00-03"
Calling-Station-Id = "A8-7E-33-3E-9C-5B"
Called-Station-Id = "00-0C-42-64-41-9D:YANN"
EAP-Message = 
0x02850058120a0705be65a474dc99300354fdd97e5176bbc5100100010e0e00333139303137303030303030303036353340776c616e2e6d6e633037302e6d63633930312e336770706e6574776f726b2e6f726700
Message-Authenticator = 0x07c87b76cd6232ca08dc4529913d5cac
NAS-Identifier = "MT_Yann"
  

Re: EAP-SIM authentication failed

2012-11-15 Thread Phil Mayers

On 15/11/12 16:46, Yann R. Moupinda wrote:


> Has anyone an idea why the MAC does not match although Client and Server
> are using the same algorithm version (Version 1 mentioned in
> AT_VERSION_LIST from Server and in AT_SELECTED_VERSION from client)?


It's probably a bug somewhere. Very likely, the wrong data is being fed 
into the MAC at both ends.


Unfortunately, since FreeRADIUS works with *some* EAP-SIM/AKA 
supplicants, I am guessing there are incompatible implementations out there.


You would need to read the SIM/AKA RFCs in detail, and possibly feed the 
test data into FreeRADIUS to find the bug.
