Hi, thanx for your reply
i also tried using patch in
http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120914/13b2c044/attachment.ksh
but unfortunately,
when i already connect with one device successfully, i try another
device the result another device is
rejected by server
Hi IIiya,
thanx for your answer
i tried to fix syntax error in in users file
and also i tried using patch in
http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120914/13b2c044/attachment.ksh
but unfortunately,
the result is same, my first device can connect to internet and
On 20.06.2013 17:56, raptor raptor wrote:
my users format
1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org EAP-Type := SIM
EAP-Sim-Rand1 = 0x 326258E6F77C40f3866DB25DEA60AE4D,
EAP-Sim-SRES1 = 0x DD287535,
EAP-Sim-KC1 = 0x 7F743521EBabb000,
EAP-Sim-Rand2 = 0x FD9989BD90AD4a03962E6C08C000C14B,
On 20.06.2013 8:38, raptor raptor wrote:
i just try one client and success but when i use another client and it fails
Post debug log if you want to diagnose authentication failure.
is it correct if i add other client in users and simtriplets.dat?
Yes, you should add auth vectors for all
Hi IIiya,
thanx for your quick response
here is my log debug
rad_recv: Access-Request packet from host 192.168.2.1 port 2048, id=0,
length=215
User-Name = 1510019760806...@wlan.mnc001.mcc510.3gppnetwork.org
NAS-IP-Address = 192.168.2.1
Called-Station-Id =
On 20.06.2013 13:38, raptor raptor wrote:
Sending Access-Accept of id 0 to 192.168.2.1 port 2048
MS-MPPE-Recv-Key =
0x9d0b6b0a9151822473399a9fed44e8f0d74df083532a7d437e436f60866252d8
MS-MPPE-Send-Key =
0xebf07da25ca3cd97267d1fc6a1ce18d68ad2737902f610284bdb45c6eed0cb7f
EAP-Message = 0x03760004
Hi, IIiya
i'm sorry my posting above is about one client
first, i connect with one client and it's success
(until Finished request 2 in debug log)
and then in next request, i try with different supplicant/client to
authenticate and i have input identitiy (IMSI, RAND, SRES,KC) in to
Hi, IIlya
Thanx for your advice
it works
On Thu, Jun 13, 2013 at 2:47 PM, Iliya Peregoudov iperegu...@cboss.ruwrote:
On 11.06.2013 12:27, raptor raptor wrote:
1.
when i change users entry, i get notification that access-accept has
succesfull
but unfortunately, when i restart the system
Hi,
i have tried with one client and it's success to authenticate and access
internet in wlan
could this test we use multiple clients?
i just try one client and success but when i use another client and it fails
is it correct if i add other client in users and simtriplets.dat?
ex:
On 11.06.2013 22:21, Rodney Machado wrote:
After reading again the documentation, i got to this point:
[skipped]
I'm going to fix the user file and give it a try again.
rlm_eap_sim expects EAP-Sim-RAND1 (and friends) on reply list, not in
control list.
So correct users entry for EAP-SIM
On 11.06.2013 12:27, raptor raptor wrote:
1.
when i change users entry, i get notification that access-accept has
succesfull
but unfortunately, when i restart the system cant access-accept and i
must change attribute in users from agsm program
here the log:
I do not understand clearly whether
On 11.06.2013 7:00, raptor raptor wrote:
i'm sorry i dont understand about LF UNIX line ending, could you show me
what should i do to simtriplets.dat format?
is there any mistake?
Run
dos2unix simtriplets.dat
in UNIX shell. This will ensure simtriplets.dat has UNIX line endings.
i got that
Hi Iliya,
I'm been trying my self EAP-SIM auth for a while, with nothing but odd results.
I'm using FreeRADIUS Version 3.0.0 (git #25b6fdd), in wich the support for
sim_files module have been dropped. I tryied setting the vectors vía the users
file for my IMSI but its not working, I was just
After reading again the documentation, i got to this point:
What's with the commas in the raddb/users file?
Commas link lists of attributes together. The general format for a raddb/users
file entry is:
name Check-Item = Value, ..., Check-Item = Value Reply-Item = Value, . . .
Reply-Item =
On 09.06.2013 5:34, raptor raptor wrote:
simtriplets.dat format that i wite:
1imsi,RAND,SRES,Kc
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
Iliya Peregoudov wite :
1.
rlm_sim_files: insufficient number of challenges for imsi
1510019760806391: 0
++[sim_files] returns notfound
It's strange that rlm_sim_files was unable to find auth vectors.
Ensure that simtriplets.dat has UNIX line endings (LF, not CRLF).
i'm sorry i dont
my simtriplets.dat :
1imsi
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
On Mon, Jun 3, 2013 at 9:26 PM, Alan
simtriplets.dat format that i wite:
1imsi,RAND,SRES,Kc
1510019760806391,AAC0FAFDC47D4524AC9E2A3D51BDBA39,2A71bac3,7868589a75fdc000
1510019760806391,BF9A9F6EEB36422895D010927D76972C,F49dd880,3Afbcf2fA9b0a000
1510019760806391,C63837CFECD348deB119C35CFECD4898,49312999,FD488938B6f2a000
i add in
Apparently there is an error in simtriplets.dat. Format is
1IMSI,RAND,SRES,KC
RAND, SRES, and KC should be in hexadecimal digits, without 0x
prefix. An even number of hexadecimal digits should be in there.
On 01.06.2013 5:51, raptor raptor wrote:
ASSERT FAILED rlm_sim_files.c[212]: k !=
Iliya Peregoudov wrote:
Apparently there is an error in simtriplets.dat. Format is
1IMSI,RAND,SRES,KC
RAND, SRES, and KC should be in hexadecimal digits, without 0x
prefix. An even number of hexadecimal digits should be in there.
The simtriplets.dat dile doesn't have 0x prefixes in its
Call suffix before sim_files.
The rlm_sim_files module uses canonical username as a key for
searching authentication vectors. Initially canonical username points to
User-Name attribute. rlm_realm module (suffix is an instance of this
module) split User-Name to Stripped-User-Name and Realm and
i have added Stripped-User-Name in sites-enabled/default and also i
disabled suffix module
but, i found like fatal mistake
could someone tell me what i should do to fix this
this is my log
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0,
Hi all,
i have read anything about my problem, but i dont get any idea to solve
in FR i get message like this :
rlm_sim_files: insufficient number of challenges for imsi
i...@wlan.mnc001.mcc510.3gppnetwork.org : 0
[sim_files] returnnot found
it's my log:
Ready to process requests.
rad_recv:
You should designate realm wlan.mnc001.mcc510.3gppnetwork.org as locally
served in raddb/proxy.conf:
# raddb/proxy.conf
realm wlan.mnc001.mcc510.3gppnetwork.org {
}
Then you should add authentication vectors to raddb/simtriplets.dat:
# raddb/simtriplets.dat
# 1IMSI,RAND,SRES,KC
On 30/05/2556 13:44, raptor raptor
wrote:
[pap] WARNING! No "known good"
password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
[pap] WARNING! No "known good"
On 30/05/13 08:16, Iliya Peregoudov wrote:
You should designate realm wlan.mnc001.mcc510.3gppnetwork.org as locally
served in raddb/proxy.conf:
Better yet, don't use the suffix module; look for the realm and strip
it yourself:
authorize {
if (User-Name =~ /^(.*)@(.+)$/) {
update
On 30/05/13 08:22, EasyHorpak.com wrote:
On 30/05/2556 13:44, raptor raptor wrote:
[pap] WARNING! No known good password found for the
user.Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
[pap] WARNING! No known good password found for the
Hi, Phil
Better yet, don't use the suffix module; look for the realm and strip it
yourself:
authorize {
if (User-Name =~ /^(.*)@(.+)$/) {
update request {
Stripped-User-Name := %{1}
Realm := %{2}
}
}
}
See the policy.conf/policy.d and list archives for better regexps for
Hi,
i have added simtriplets.dat and create file sim_files in
/freeradius/modules
and also i configure sim_files in authorize{} in /sites-enabled/default
but i dont use suffix module
so my concern is how to solve this message :
rlm_sim_files: insufficient number of challenges for imsi
Dear Alan,Ivan and all,
I am having the Problem in rlm_ldap module in FreeRadius.
I am doing a MD5 based Authentication with a Windows XP Supplicant and a
Alcatel Switch acting as Authenticator and FreeRadius2.0.5 build as Front
end and OpenLDAP 2.3.32 as backend.
When a Request is received the
Dear Alan,Ivan and all,
I am having the Problem in rlm_ldap module in FreeRadius.
I am doing a MD5 based Authentication with a Windows XP Supplicant and a
Alcatel Switch acting as Authenticator and FreeRadius2.0.5 build as Front
end and OpenLDAP 2.3.32 as backend.
When a Request is received the
I'm sorry if you received this twice. This was caught
by my spam guard... not sure why and am not sure if it
made it to everyone. I'm changing the subject...
See below.
--- Josh [EMAIL PROTECTED] wrote:
I have been successfully authenticating individual
users between a PIX 515 VPN and
-
De : [EMAIL PROTECTED] [mailto:freeradius-users-
[EMAIL PROTECTED] De la part de Alan DeKok
Envoyé : mercredi 25 mai 2005 19:52
À : freeradius-users@lists.freeradius.org
Objet : Re: Authorization problem
Miguel Sennoun [EMAIL PROTECTED] wrote:
DEFAULT Auth-Type := Reject, Service-Type
Miguel Sennoun [EMAIL PROTECTED] wrote:
DEFAULT Auth-Type := Reject, Service-Type !* 2
The !* operator ignores any value you give it.
You can understand I would like to accept only users who have the attributes
:
Service-Type present and equal to 2
Why not just use 'Service-Type == 2?
Hello
I know it's more a Cisco issue, but maybe someone here had the same problem.
For Authentication, users use PEAP/MS-Chapv2, that is working fine.
For Authorization, I want to use per-user ACL, from user profiles from
FreeRadius server with an MySQL backend.
As a test, I put some
3 2005 22:39 Jim Seymour :
Hmmm... I thought it meant simply that the User-Name was a match.
Anyway . I changed it to User-Password and nothig has changed.
Regards, Sergey.
--
Sergey A. Guriev
Organization: New Telephone Company
e-mail: [EMAIL
3 2005 22:39 Jim Seymour :
Sergey Guriev [EMAIL PROTECTED] wrote:
Hmmm... I thought it meant simply that the User-Name was a match.
And, also I see that in the Radius.log
---
Thu May 12 08:28:14 2005 : Info: rlm_eap_tls: Length Included
Thu May 12 08:28:14 2005 : Error:
Sergey Guriev [EMAIL PROTECTED] wrote:
÷ ÓÏÏÂÝÅÎÉÉ ÏÔ 3 íÁÊ 2005 10:14 Vladimir Vuksan ÎÁÐÉÓÁÌ:
Thu Apr 28 11:33:53 2005 : Debug: users: Matched entry www at line 228
Are you sure that the entry on line 228 has the correct password. I am not
quite sure where the [EMAIL
28 2005 11:38 Sergey Guriev :
Here is one big log of session. Please help me understand what realy wrong.
I'm asking one more time, PLEASE look at my Log (previous message in this
thread) and help me to understand what is wrong?
Regards, Sergey.
--
Sergey Guriev wrote:
Im' using freeradius 1.02 (under linux), Cisco AiroNet 1230B and PC-station
under Win-XP. And I have some problem with authorization.
Here parts of my configs:
users:
-
ttt Password ==
I believe this should be User-Password ==
Vladimir
-
3 2005 09:48 Vladimir Vuksan :
I believe this should be User-Password ==
I made it and User-Password and Password - no change.
--
Regards, Sergey.
--
Sergey A. Guriev
Organization: New Telephone Company
e-mail: [EMAIL PROTECTED]
Sergey Guriev wrote:
3 2005 09:48 Vladimir Vuksan :
I believe this should be User-Password ==
I made it and User-Password and Password - no change
The log contains something peculiar ie.
rad_recv: Access-Request packet from host 80.243.64.30:14123, id=138,
length=142
3 2005 10:14 Vladimir Vuksan :
Thu Apr 28 11:33:53 2005 : Debug: users: Matched entry www at line 228
Are you sure that the entry on line 228 has the correct password. I am not
quite sure where the [EMAIL PROTECTED] comes from.
Yes, I sure, becouse Matched entry www at line 228
27 2005 09:00 Sergey Guriev :
Here is one big log of session. Please help me understand what realy wrong.
--
rad_recv: Access-Request packet from host 80.243.64.30:14123, id=138,
length=142
User-Name = [EMAIL PROTECTED]
Framed-MTU = 1400
Called-Station-Id =
Hello!
Im' using freeradius 1.02 (under linux), Cisco AiroNet 1230B and PC-station
under Win-XP. And I have some problem with authorization.
Here parts of my configs:
users:
-
ttt Password ==
-
radiusd.conf:
-
authenticate {
#
Are you trying to use TLS or PEAP? I'm not an expert but there are
some PEAP definitions in your config file that I think need to be changed
if you are attempting TLS. The most obvious is the default_eap_type
which should be tls.
default_eap_type = tls
Also, if you are attempting tls you don't
27 2005 13:06 frad :
Are you trying to use TLS or PEAP? I'm not an expert but there are
some PEAP definitions in your config file that I think need to be changed
if you are attempting TLS. The most obvious is the default_eap_type
which should be tls.
default_eap_type = tls
You right
47 matches
Mail list logo