Re: EAP-SIM on freeradius-server-2.1.12
Hi GNUbie, You don't need the special patch for testing EAP-SIM. Just get 3 different triplets for your SIM and create a static users file entry with them, contrary to what -X says, you should put the triplets attrs as reply attrs, not check attrs. Regards, Thor. - Original Message - From: GNUbie gnu...@gmail.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Cc: al...@deployingradius.com Sent: Wednesday, February 15, 2012 5:17:29 AM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna Subject: Re: EAP-SIM on freeradius-server-2.1.12 Hello Alan, Thank you anyway. I already checked the directory you mentioned even before I posted my original message on this mailing list. Hello all, Anybody from this community would like to share their experiences on EAP-SIM authentication? Thank you in advance. Regards, GNUbie On Tue, Feb 14, 2012 at 3:21 PM, Alan DeKok al...@deployingradius.com wrote: GNUbie wrote: What am I missing in my current setup that I am getting such errors? Why is it that it can't find the triplets when in fact it's there? No idea. I don't use SIM myself. See src/tests/eapsim-* for examples of using SIM authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-SIM on freeradius-server-2.1.12
rlm_sim_files: insufficient number of challenges for imsi 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound You have triplets for 3be855ae7a8607c7f identity in the simtriplets.dat. But there 3a370f920c4275853 identity in RADIUS request. So sim_files module is unable to find triplets for requested identity. You can add realm wlan.mnc001.mcc525.3gppnetwork.org as your server's locally served realm to get it stripped: # raddb/proxy.conf realm wlan.mnc001.mcc525.3gppnetwork.org { # no home servers so this is locally served realm } After that you can put identities into simtriplets.dat without realm. But I think that iPhone generates new random Pseudonym identity for each authentication attempt. So you will be out of luck to guess it. In fact the rlm_eap_sim is badly broken. It want triplets to be known before it request permanent identity from the peer. It should first send EAP-Request/SIM/Start(AT_PERMANENT_ID_REQ, AT_VERSION_LIST) message to the peer. When EAP-Response/SIM/Start(AT_IDENTITY, AT_NONCE) is received from the peer permanent identity should be extracted from AT_IDENTITY attribute and triplets should be found for this permanent identity. All the tests in freeradius sources assume that permanent identity is sent in EAP-Response/Identity message. Nokia phones do that that way. iPhone does not. GNUbie wrote: Hello all, I have tried inserting the value of the User-Name attribute I am getting from my Access-Request into the /usr/local/etc/raddb/simtriplets.dat file: # sed -i 's/^/3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,/g' /usr/local/etc/raddb/simtriplets.dat and I ended up the below contents of my /usr/local/etc/raddb/simtriplets.dat file: 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00 Then when I executed the command # /usr/local/sbin/radiusd -X -d /usr/local/etc/raddb and tested on my iPhone4, I got a different results in my stdout logs: - - - s n i p - - - rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=16, length=249 User-Name = 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = 0E-19-BE-80-71-00:eap-sim Calling-Station-Id = 60-FA-CD-75-96-46 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x023901336133373066393230633432373538353340776c616e2e6d6e633030352e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0x7bccc626cc4f91df718b039a143b7c64 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] expand: %t - Tue Feb 14 14:12:42 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm wlan.mnc005.mcc525.3gppnetwork.org for User-Name = 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org [suffix] No such realm wlan.mnc005.mcc525.3gppnetwork.org ++[suffix] returns noop rlm_sim_files: insufficient number of challenges for imsi 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim can not initiate sim, no RAND1 attribute [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to
Re: EAP-SIM on freeradius-server-2.1.12
GNUbie wrote: Thank you anyway. I already checked the directory you mentioned even before I posted my original message on this mailing list. checked ? What does that mean? The tests were working. They should continue to work. Did you try *running* them? Do they work as described? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-SIM on freeradius-server-2.1.12
Hello Alan, Thank you anyway. I already checked the directory you mentioned even before I posted my original message on this mailing list. Hello all, Anybody from this community would like to share their experiences on EAP-SIM authentication? Thank you in advance. Regards, GNUbie On Tue, Feb 14, 2012 at 3:21 PM, Alan DeKok al...@deployingradius.com wrote: GNUbie wrote: What am I missing in my current setup that I am getting such errors? Why is it that it can't find the triplets when in fact it's there? No idea. I don't use SIM myself. See src/tests/eapsim-* for examples of using SIM authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-SIM on freeradius-server-2.1.12
Hello all, I configured manually ($ ./configure --with-modules=rlm_sim --with-modules=rlm_sim_files make) and installed (# make install) the freeradius-server-2.1.12 from the upstream on the CentOS 5.7 x86_64 machine. Then I configured the following configuration files: - /usr/local/etc/raddb/radiusd.conf - /usr/local/etc/raddb/clients.conf - /usr/local/etc/raddb/eap.conf - /usr/local/etc/raddb/sites-enabled/default And lastly, I created the /usr/local/etc/raddb/simtriplets.dat with six (6) triplets (just to make sure though AFAIK 3 is enough) for a single IMSI. Then, I executed the command # /usr/local/sbin/radiusd -X -d /usr/local/etc/raddb and tried testing directly from my iPhone4, I got the below snippet of the stdout logs: - - - s n i p - - - rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=120, length=249 User-Name = 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = 0E-19-BE-80-71-00:eap-sim Calling-Station-Id = 5C-59-48-67-C7-A5 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x023901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0xdef1645477a2ba0f9a9371f0a9eea8b7 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213 [auth_log] expand: %t - Mon Feb 13 23:48:18 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm wlan.mnc001.mcc525.3gppnetwork.org for User-Name = 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org [suffix] No such realm wlan.mnc001.mcc525.3gppnetwork.org ++[suffix] returns noop rlm_sim_files: insufficient number of challenges for imsi 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim can not initiate sim, no RAND1 attribute [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 5C-59-48-67-C7-A5) Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 120 to 172.17.1.110 port 2048 EAP-Message = 0x0404 Message-Authenticator = 0x Waking up in 4.9 seconds. Cleaning up request 0 ID 120 with timestamp +13 Ready to process requests. - - - s n i p - - - Based on the above logs, below are the (3) lines that I'm not sure how to address them: [suffix] No such realm wlan.mnc001.mcc525.3gppnetwork.org rlm_sim_files: insufficient number of challenges for imsi 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound [pap] WARNING! No known good password found for the user. Authentication may fail because of this. [eap] processing type sim can not initiate sim, no RAND1 attribute [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 5C-59-48-67-C7-A5) Please advice on how am I going to proceed from here. Thank you in advance. Regards, GNUbie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-SIM on freeradius-server-2.1.12
Hello all, What am I missing in my current setup that I am getting such errors? Why is it that it can't find the triplets when in fact it's there? Basically, the major changes I made on the configuration files are as follows: [ /usr/local/etc/raddb/radiusd.conf ] user = radiusd group = radiusd modules { sim_files { simtriplets = /usr/local/etc/raddb/simtriplets.dat } ... ... ... } [ /usr/local/etc/raddb/clients.conf ] client 172.17.1.0 { ipaddr = 172.17.1.0 netmask = 24 secret = qwerty shortname = eap-sim } [ /usr/local/etc/raddb/eap.conf ] eap { sim { } default_eap_type = sim ... ... ... } [ /usr/local/etc/raddb/sites-enabled/default ] authorize { ... ... ... sim_files eap { ok = return } ... ... ... } The contents of the /usr/local/etc/raddb/simtriplets.dat file has the format of IMSI,RAND,SRES,KC without the quotes: 354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800 354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00 354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800 354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400 354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800 354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00 I also tried in my testing to add 1 on every IMSI but with no luck. # sed -i 's/^/1/g' /usr/local/etc/raddb/simtriplets.dat And lastly, the rlm_eap_sim and rlm_sim_files modules are in place. # ls -l /usr/local/lib/*sim* lrwxrwxrwx 1 root root14 Feb 13 21:19 /usr/local/lib/rlm_eap_sim-2.1.12.la - rlm_eap_sim.la -rwxr-xr-x 1 root root 35972 Feb 13 21:19 /usr/local/lib/rlm_eap_sim-2.1.12.so -rw-r--r-- 1 root root 48340 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.a -rwxr-xr-x 1 root root 932 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.la lrwxrwxrwx 1 root root21 Feb 13 21:19 /usr/local/lib/rlm_eap_sim.so - rlm_eap_sim-2.1.12.so lrwxrwxrwx 1 root root16 Feb 13 21:19 /usr/local/lib/rlm_sim_files-2.1.12.la - rlm_sim_files.la -rwxr-xr-x 1 root root 35331 Feb 13 21:19 /usr/local/lib/rlm_sim_files-2.1.12.so -rw-r--r-- 1 root root 46534 Feb 13 21:19 /usr/local/lib/rlm_sim_files.a -rwxr-xr-x 1 root root 910 Feb 13 21:19 /usr/local/lib/rlm_sim_files.la lrwxrwxrwx 1 root root23 Feb 13 21:19 /usr/local/lib/rlm_sim_files.so - rlm_sim_files-2.1.12.so Can anyone from this community help me how to solve my problem? Thank you in advance. Regards, GNUbie On Tue, Feb 14, 2012 at 12:26 AM, GNUbie gnu...@gmail.com wrote: Hello all, I configured manually ($ ./configure --with-modules=rlm_sim --with-modules=rlm_sim_files make) and installed (# make install) the freeradius-server-2.1.12 from the upstream on the CentOS 5.7 x86_64 machine. Then I configured the following configuration files: - /usr/local/etc/raddb/radiusd.conf - /usr/local/etc/raddb/clients.conf - /usr/local/etc/raddb/eap.conf - /usr/local/etc/raddb/sites-enabled/default And lastly, I created the /usr/local/etc/raddb/simtriplets.dat with six (6) triplets (just to make sure though AFAIK 3 is enough) for a single IMSI. Then, I executed the command # /usr/local/sbin/radiusd -X -d /usr/local/etc/raddb and tried testing directly from my iPhone4, I got the below snippet of the stdout logs: - - - s n i p - - - rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=120, length=249 User-Name = 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = 0E-19-BE-80-71-00:eap-sim Calling-Station-Id = 5C-59-48-67-C7-A5 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x023901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0xdef1645477a2ba0f9a9371f0a9eea8b7 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120213 [auth_log] expand: %t - Mon Feb 13 23:48:18 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm wlan.mnc001.mcc525.3gppnetwork.org for User-Name = 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org [suffix] No such realm wlan.mnc001.mcc525.3gppnetwork.org ++[suffix] returns noop rlm_sim_files: insufficient number of challenges for imsi 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org: 0
Re: EAP-SIM on freeradius-server-2.1.12
Hello all, I have tried inserting the value of the User-Name attribute I am getting from my Access-Request into the /usr/local/etc/raddb/simtriplets.dat file: # sed -i 's/^/3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,/g' /usr/local/etc/raddb/simtriplets.dat and I ended up the below contents of my /usr/local/etc/raddb/simtriplets.dat file: 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,C97024E532E340a1A1C4DE24DA001CA6,CBe30a81,988c8753D4197800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,38E1F9E16B6E4ee6A785072241E8FF43,9Bcd3f54,F56fb487C1359c00 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,8254442AD6CB47a29ABC530391DDE402,7054a123,806894125A715800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,7CA9CE3C148D43e09EBCC40D0AF8048B,A290d514,A2983885440dc400 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,391DDF50B644482fAE46F091B1D6AA1C,7968b608,875d2af9E883d800 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org,1354162120787078,E244EC5344CF4df1A83E54AB7E399670,F9122829,FB2763c02Cbfac00 Then when I executed the command # /usr/local/sbin/radiusd -X -d /usr/local/etc/raddb and tested on my iPhone4, I got a different results in my stdout logs: - - - s n i p - - - rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=16, length=249 User-Name = 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = 0E-19-BE-80-71-00:eap-sim Calling-Station-Id = 60-FA-CD-75-96-46 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x023901336133373066393230633432373538353340776c616e2e6d6e633030352e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0x7bccc626cc4f91df718b039a143b7c64 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.17.1.110/auth-detail-20120214 [auth_log] expand: %t - Tue Feb 14 14:12:42 2012 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm wlan.mnc005.mcc525.3gppnetwork.org for User-Name = 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org [suffix] No such realm wlan.mnc005.mcc525.3gppnetwork.org ++[suffix] returns noop rlm_sim_files: insufficient number of challenges for imsi 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org: 0 ++[sim_files] returns notfound [eap] EAP packet type response id 0 length 57 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type sim can not initiate sim, no RAND1 attribute [eap] Default EAP type sim failed in initiate [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org] (from client eap-sim port 0 cli 60-FA-CD-75-96-46) Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - 3a370f920c4275...@wlan.mnc005.mcc525.3gppnetwork.org attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 172.17.1.110 port 2048, id=17, length=249 User-Name = 3be855ae7a8607...@wlan.mnc001.mcc525.3gppnetwork.org NAS-IP-Address = 172.17.1.110 NAS-Port = 0 Called-Station-Id = 0E-19-BE-80-71-00:eap-sim Calling-Station-Id = 5C-59-48-67-C7-A5 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x023901336265383535616537613836303763376640776c616e2e6d6e633030312e6d63633532352e336770706e6574776f726b2e6f7267 Message-Authenticator = 0xb65adf77dff68958fe2559c807599ea8 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [auth_log] expand: