Hi guys,

Could you please check what is wrong with the eap or eap sim? I am trying to authenticate an EAP SIM user, and wrote an rlm_sim_map to replace rlm_sim_file. I got the 3 triplets and added pairs for the 3 triplets.
But when I use eap_client with an 802.1x AP, it fails to authenticate my connection. The FreeRADIUS version is 1.0 pre3.

Thanks and regards.

The messages are as follows...

$ radiusd -Xxx
Fri Sep 10 16:33:51 2004 : Info: Starting - reading configuration files ...
Fri Sep 10 16:33:51 2004 : Debug: reread_config: reading radiusd.conf
Fri Sep 10 16:33:51 2004 : Debug: Config: including file: /usr/local/etc/raddb/clients.conf
Fri Sep 10 16:33:51 2004 : Debug: Config: including file: /usr/local/etc/raddb/snmp.conf
Fri Sep 10 16:33:51 2004 : Debug: Config: including file: /usr/local/etc/raddb/sql.conf
Fri Sep 10 16:33:51 2004 : Debug: main: prefix = "/usr/local"
Fri Sep 10 16:33:51 2004 : Debug: main: localstatedir = "/usr/local/var"
Fri Sep 10 16:33:51 2004 : Debug: main: logdir = "/usr/local/var/log/radius"
Fri Sep 10 16:33:51 2004 : Debug: main: libdir = "/usr/local/lib"
Fri Sep 10 16:33:51 2004 : Debug: main: radacctdir = "/usr/local/var/log/radius/radacct"
Fri Sep 10 16:33:51 2004 : Debug: main: hostname_lookups = no
Fri Sep 10 16:33:51 2004 : Debug: main: snmp = no
Fri Sep 10 16:33:51 2004 : Debug: main: max_request_time = 30
Fri Sep 10 16:33:51 2004 : Debug: main: cleanup_delay = 5
Fri Sep 10 16:33:51 2004 : Debug: main: max_requests = 1024
Fri Sep 10 16:33:51 2004 : Debug: main: delete_blocked_requests = 0
Fri Sep 10 16:33:51 2004 : Debug: main: port = 0
Fri Sep 10 16:33:51 2004 : Debug: main: allow_core_dumps = no
Fri Sep 10 16:33:51 2004 : Debug: main: log_stripped_names = no
Fri Sep 10 16:33:51 2004 : Debug: main: log_file = "/usr/local/var/log/radius/radius.log"
Fri Sep 10 16:33:51 2004 : Debug: main: log_auth = yes
Fri Sep 10 16:33:51 2004 : Debug: main: log_auth_badpass = yes
Fri Sep 10 16:33:51 2004 : Debug: main: log_auth_goodpass = yes
Fri Sep 10 16:33:51 2004 : Debug: main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
Fri Sep 10 16:33:51 2004 : Debug: main: user = "(null)"
Fri Sep 10 16:33:51 2004 : Debug: main: group = "(null)"
Fri Sep 10 16:33:51 2004 : Debug: main: usercollide = no
Fri Sep 10 16:33:51 2004 : Debug: main: lower_user = "no"
Fri Sep 10 16:33:51 2004 : Debug: main: lower_pass = "no"
Fri Sep 10 16:33:51 2004 : Debug: main: nospace_user = "no"
Fri Sep 10 16:33:51 2004 : Debug: main: nospace_pass = "no"
Fri Sep 10 16:33:51 2004 : Debug: main: checkrad = "/usr/local/sbin/checkrad"
Fri Sep 10 16:33:51 2004 : Debug: main: proxy_requests = yes
Fri Sep 10 16:33:51 2004 : Debug: security: max_attributes = 200
Fri Sep 10 16:33:51 2004 : Debug: security: reject_delay = 1
Fri Sep 10 16:33:51 2004 : Debug: security: status_server = no
Fri Sep 10 16:33:51 2004 : Debug: main: debug_level = 0
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: reading dictionary
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: reading naslist
Fri Sep 10 16:33:51 2004 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: reading clients
Fri Sep 10 16:33:51 2004 : Debug: read_config_files: reading realms
Fri Sep 10 16:33:51 2004 : Debug: radiusd: entering modules setup
Fri Sep 10 16:33:51 2004 : Debug: Module: Library search path is /usr/local/lib
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded expr
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated expr (expr)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded PAP
Fri Sep 10 16:33:51 2004 : Debug: pap: encryption_scheme = "crypt"
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated pap (pap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded CHAP
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated chap (chap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded MS-CHAP
Fri Sep 10 16:33:51 2004 : Debug: mschap: use_mppe = yes
Fri Sep 10 16:33:51 2004 : Debug: mschap: require_encryption = no
Fri Sep 10 16:33:51 2004 : Debug: mschap: require_strong = no
Fri Sep 10 16:33:51 2004 : Debug: mschap: with_ntdomain_hack = no
Fri Sep 10 16:33:51 2004 : Debug: mschap: passwd = "(null)"
Fri Sep 10 16:33:51 2004 : Debug: mschap: authtype = "MS-CHAP"
Fri Sep 10 16:33:51 2004 : Debug: mschap: ntlm_auth = "(null)"
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated mschap (mschap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded eap
Fri Sep 10 16:33:51 2004 : Debug: RLM_EAP eap_instantiate
Fri Sep 10 16:33:51 2004 : Debug: eap: default_eap_type = "sim"
Fri Sep 10 16:33:51 2004 : Debug: eap: timer_expire = 60
Fri Sep 10 16:33:51 2004 : Debug: eap: ignore_unknown_eap_types = no
Fri Sep 10 16:33:51 2004 : Debug: eap: cisco_accounting_username_bug = no
Fri Sep 10 16:33:51 2004 : Debug: EAP eaptype_load
Fri Sep 10 16:33:51 2004 : Debug: rlm_eap: Loaded and initialized type md5
Fri Sep 10 16:33:51 2004 : Debug: EAP eaptype_load
Fri Sep 10 16:33:51 2004 : Debug: rlm_eap: Loaded and initialized type leap
Fri Sep 10 16:33:51 2004 : Debug: EAP eaptype_load
Fri Sep 10 16:33:51 2004 : Debug: rlm_eap: Loaded and initialized type sim
Fri Sep 10 16:33:51 2004 : Debug: STATE generate_key
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated eap (eap)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded preprocess
Fri Sep 10 16:33:51 2004 : Debug: preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
Fri Sep 10 16:33:51 2004 : Debug: preprocess: hints = "/usr/local/etc/raddb/hints"
Fri Sep 10 16:33:51 2004 : Debug: preprocess: with_ascend_hack = no
Fri Sep 10 16:33:51 2004 : Debug: preprocess: ascend_channels_per_line = 23
Fri Sep 10 16:33:51 2004 : Debug: preprocess: with_ntdomain_hack = no
Fri Sep 10 16:33:51 2004 : Debug: preprocess: with_specialix_jetstream_hack = no
Fri Sep 10 16:33:51 2004 : Debug: preprocess: with_cisco_vsa_hack = no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated preprocess (preprocess)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded sim_map
Fri Sep 10 16:33:51 2004 : Debug: sim_map: simtriplets = "/usr/local/etc/raddb/simtriplets.dat"
Fri Sep 10 16:33:51 2004 : Debug: SIM-MAP: instantiate
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated sim_map (sim_map)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded realm
Fri Sep 10 16:33:51 2004 : Debug: realm: format = "suffix"
Fri Sep 10 16:33:51 2004 : Debug: realm: delimiter = "@"
Fri Sep 10 16:33:51 2004 : Debug: realm: ignore_default = no
Fri Sep 10 16:33:51 2004 : Debug: realm: ignore_null = no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated realm (suffix)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded Acct-Unique-Session-Id
Fri Sep 10 16:33:51 2004 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated acct_unique (acct_unique)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded detail
Fri Sep 10 16:33:51 2004 : Debug: detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Fri Sep 10 16:33:51 2004 : Debug: detail: detailperm = 384
Fri Sep 10 16:33:51 2004 : Debug: detail: dirperm = 493
Fri Sep 10 16:33:51 2004 : Debug: detail: locking = no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated detail (detail)
Fri Sep 10 16:33:51 2004 : Debug: Module: Loaded radutmp
Fri Sep 10 16:33:51 2004 : Debug: radutmp: filename = "/usr/local/var/log/radius/radutmp"
Fri Sep 10 16:33:51 2004 : Debug: radutmp: username = "%{User-Name}"
Fri Sep 10 16:33:51 2004 : Debug: radutmp: case_sensitive = yes
Fri Sep 10 16:33:51 2004 : Debug: radutmp: check_with_nas = yes
Fri Sep 10 16:33:51 2004 : Debug: radutmp: perm = 384
Fri Sep 10 16:33:51 2004 : Debug: radutmp: callerid = yes
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated radutmp (radutmp)
Fri Sep 10 16:33:51 2004 : Debug: detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
Fri Sep 10 16:33:51 2004 : Debug: detail: detailperm = 384
Fri Sep 10 16:33:51 2004 : Debug: detail: dirperm = 493
Fri Sep 10 16:33:51 2004 : Debug: detail: locking = no
Fri Sep 10 16:33:51 2004 : Debug: Module: Instantiated detail (reply_log)
Fri Sep 10 16:33:51 2004 : Debug: Listening on authentication *:1812
Fri Sep 10 16:33:51 2004 : Debug: Listening on accounting *:1813
Fri Sep 10 16:33:51 2004 : Debug: Listening on proxy *:1814
Fri Sep 10 16:33:51 2004 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 172.16.17.14:1027, id=43, length=163
        User-Name = "[EMAIL PROTECTED]"
        NAS-IP-Address = 172.16.17.14
        NAS-Identifier = "B-1000v2"
        Framed-MTU = 1496
        Called-Station-Id = "00-a0-c5-60-4b-bc:eap"
        Calling-Station-Id = "00-0b-cd-8c-71-3b"
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0202001c013134363639373132303030313030313040646c74657374
        Message-Authenticator = 0x2658a3a937c5be10a6f79e2d3ebf11db
Fri Sep 10 16:34:02 2004 : Debug: Processing the authorize section of radiusd.conf
Fri Sep 10 16:34:02 2004 : Debug: modcall: entering group authorize for request 0
Fri Sep 10 16:34:02 2004 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Fri Sep 10 16:34:02 2004 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Fri Sep 10 16:34:02 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0
Fri Sep 10 16:34:02 2004 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0
Fri Sep 10 16:34:02 2004 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0
Fri Sep 10 16:34:02 2004 : Debug: modcall[authorize]: module "chap" returns noop for request 0
Fri Sep 10 16:34:02 2004 : Debug: modsingle[authorize]: calling sim_map (rlm_sim_map) for request 0
Fri Sep 10 16:34:03 2004 : Debug: SIM-MAP: Finish Inserted Map Session
Fri Sep 10 16:34:03 2004 : Debug: rlm_sim_map: authorized user/imsi [EMAIL PROTECTED]
Fri Sep 10 16:34:03 2004 : Info: rlm_sim_map: Adding EAP-Type: eap-sim
Fri Sep 10 16:34:03 2004 : Debug: rlm_sim_map: saw config EAP-Type = SIM
Fri Sep 10 16:34:03 2004 : Debug: rlm_sim_map: saw reply EAP-Sim-Rand1 = 0x5ec3a91eae2522xxxxxxxxxxxxxxxxxx
        EAP-Sim-KC1 = 0xfe121b2885xxxxxx
        EAP-Sim-SRES1 = 0xa2a5xxxx
        EAP-Sim-Rand2 = 0x4621aba16ad903xxxxxxxxxxxxxxxxxx
        EAP-Sim-KC2 = 0xc45f0bc41fxxxxxx
        EAP-Sim-SRES2 = 0x55b7xxxx
        EAP-Sim-Rand3 = 0xf157a872dbb5a9xxxxxxxxxxxxxxxxxx
        EAP-Sim-KC3 = 0x47d87ae7c2xxxxxx
        EAP-Sim-SRES3 = 0x5c34xxxx
Fri Sep 10 16:34:03 2004 : Debug: SIM-MAP: Ending Map Authorize
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: returned from sim_map (rlm_sim_map) for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall[authorize]: module "sim_map" returns ok for request 0
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Fri Sep 10 16:34:03 2004 : Debug: RLM_EAP eap_authorize
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_start
Fri Sep 10 16:34:03 2004 : Debug: rlm_eap: EAP packet type response id 2 length 28
Fri Sep 10 16:34:03 2004 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall[authorize]: module "eap" returns updated for request 0
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0
Fri Sep 10 16:34:03 2004 : Debug: rlm_realm: Looking up realm "dltest" for User-Name = "[EMAIL PROTECTED]"
Fri Sep 10 16:34:03 2004 : Debug: rlm_realm: No such realm "dltest"
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall[authorize]: module "suffix" returns noop for request 0
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall[authorize]: module "mschap" returns noop for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall: group authorize returns updated for request 0
Fri Sep 10 16:34:03 2004 : Debug: rad_check_password: Found Auth-Type EAP
Fri Sep 10 16:34:03 2004 : Debug: auth: type "EAP"
Fri Sep 10 16:34:03 2004 : Debug: Processing the authenticate section of radiusd.conf
Fri Sep 10 16:34:03 2004 : Debug: modcall: entering group authenticate for request 0
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0
Fri Sep 10 16:34:03 2004 : Debug: RLM_EAP eap_authenticate
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_handler
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_validation
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_identity
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_buildds
Fri Sep 10 16:34:03 2004 : Debug: EAP eaptype_select
Fri Sep 10 16:34:03 2004 : Debug: rlm_eap: EAP Identity
Fri Sep 10 16:34:03 2004 : Debug: EAP eaptype_call
Fri Sep 10 16:34:03 2004 : Debug: rlm_eap: processing type sim
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_initiate
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_getchalans
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_getchalans
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_getchalans
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_stateenter
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_sendstart
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_compose
Fri Sep 10 16:34:03 2004 : Debug: EAP eap_compose
Fri Sep 10 16:34:03 2004 : Debug: rlm_eap: Underlying EAP-Type set EAP ID to 0
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_wireformat
Fri Sep 10 16:34:03 2004 : Error: rlm_eap: reply code 0 is unknown, Rejecting the request.
Fri Sep 10 16:34:03 2004 : Debug: rlm_eap: Freeing handler
Fri Sep 10 16:34:03 2004 : Debug: EAP_SIM eap_sim_state_free
Fri Sep 10 16:34:03 2004 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall[authenticate]: module "eap" returns reject for request 0
Fri Sep 10 16:34:03 2004 : Debug: modcall: group authenticate returns reject for request 0
Fri Sep 10 16:34:03 2004 : Debug: auth: Failed to validate the user.
Fri Sep 10 16:34:03 2004 : Auth: Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client epassportgw port 0 cli 00-0b-cd-8c-71-3b)
Fri Sep 10 16:34:03 2004 : Debug: Delaying request 0 for 1 seconds
Fri Sep 10 16:34:03 2004 : Debug: Finished request 0
Fri Sep 10 16:34:03 2004 : Debug: Going to the next request
Fri Sep 10 16:34:03 2004 : Debug: --- Walking the entire request list ---
Fri Sep 10 16:34:03 2004 : Debug: Waking up in 1 seconds...
Fri Sep 10 16:34:04 2004 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 43 to 172.16.17.14:1027
        EAP-Message = 0x0000001400000000000000000000000000000000
        Message-Authenticator = 0x00000000000000000000000000000000
Fri Sep 10 16:34:04 2004 : Debug: Waking up in 4 seconds...
Fri Sep 10 16:34:08 2004 : Debug: --- Walking the entire request list ---
Fri Sep 10 16:34:08 2004 : Debug: Cleaning up request 0 ID 43 with timestamp 414166fa
Fri Sep 10 16:34:08 2004 : Debug: Nothing to do. Sleeping until we see a request.
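
The two EAP-Message values in the debug output above can be decoded against the EAP header layout of RFC 3748 (code, identifier, 16-bit length, then a type octet for Request/Response). The following is an added example, not part of the original post and not FreeRADIUS code; the function name parse_eap and the "problems" checks are hypothetical, and the two hex strings are copied from the log.

```python
import struct

# EAP codes defined in RFC 3748, section 4
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# A few EAP method types from the IANA registry; 18 is EAP-SIM (RFC 4186)
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 17: "LEAP", 18: "SIM"}

# Copied verbatim from the radiusd -X output in the post
REQUEST_EAP = "0x0202001c013134363639373132303030313030313040646c74657374"
REJECT_EAP = "0x0000001400000000000000000000000000000000"


def parse_eap(hex_value):
    """Decode the EAP header of one EAP-Message attribute value."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": code, "code_name": EAP_CODES.get(code, "unknown"),
           "id": ident, "length": length, "actual_length": len(raw),
           "type": None, "type_name": None, "problems": []}
    if code not in EAP_CODES:
        pkt["problems"].append("code %d is not a valid EAP code (1-4)" % code)
    if length != len(raw):
        pkt["problems"].append(
            "length field %d != %d bytes present" % (length, len(raw)))
    # Only Request and Response packets carry a Type octet after the header
    if code in (1, 2) and len(raw) >= 5:
        pkt["type"] = raw[4]
        pkt["type_name"] = EAP_TYPES.get(raw[4], "unknown")
    # Everything after the header being zero suggests an unfilled packet
    if len(raw) > 4 and not any(raw[4:]):
        pkt["problems"].append("payload is all zero bytes")
    return pkt


if __name__ == "__main__":
    for label, value in (("request", REQUEST_EAP), ("reject", REJECT_EAP)):
        p = parse_eap(value)
        print(label, p["code_name"], "id", p["id"], "len", p["length"],
              p["type_name"], p["problems"] or "ok")
```

The incoming packet decodes as Response/Identity with id 2 and length 28, matching the "EAP packet type response id 2 length 28" line, while the EAP-Message in the Access-Reject has code 0, the value named in the "reply code 0 is unknown" error.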