Dear All,

Any thoughts on this??

On Sun, Jan 6, 2013 at 5:05 PM, Muhammad Usman <muhd.usma...@gmail.com> wrote:
> Dear All,
> I am trying to configure freeradius for EAP-SIM authentication, for that I
> compiled FreeRadius with "./configure --with-modules="rlm_sim"
> --with-modules="rlm_sim_files"". Freeradius is installed successfully as I
> have tested it using radtest, as suggested on Freeradius wikis.
> I have installed freeradius version 2.2.0
> Now in order to test EAP-SIM, I have added the below block in eap.conf
> file after mschapv2 block,
> sim {
> }
>
> I am trying to successfully run /src/tests/eapsim-03 example, I have
> copied the below in users file,
>
> 1244070100000...@eapsim.foo Auth-Type := EAP, EAP-Type := SIM
>         EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f,
>         EAP-Sim-SRES1 = 0xd1d2d3d4,
>         EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f,
>         EAP-Sim-SRES2 = 0xe1e2e3e4,
>         EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f,
>         EAP-Sim-SRES3 = 0xf1f2f3f4,
>         EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
>         EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
>         EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7,
>
> 1232420100000015 Auth-Type := EAP, EAP-Type := SIM
>         EAP-Sim-Rand1 = 0x30000000000000000000000000000000,
>         EAP-Sim-SRES1 = 0x30112233,
>         EAP-Sim-KC1 = 0x445566778899AABB,
>         EAP-Sim-Rand2 = 0x31000000000000000000000000000000,
>         EAP-Sim-SRES2 = 0x31112233,
>         EAP-Sim-KC2 = 0x445566778899AABB,
>         EAP-Sim-Rand3 = 0x32000000000000000000000000000000,
>         EAP-Sim-SRES3 = 0x32112233,
>         EAP-Sim-KC3 = 0x445566778899AABB,
>
> eapsim Auth-Type := EAP, EAP-Type := SIM
>         EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234,
>         EAP-Sim-SRES1 = 0x1234abcd,
>         EAP-Sim-KC1 = 0x0011223344556677,
>         EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a,
>         EAP-Sim-SRES2 = 0x234abcd1,
>         EAP-Sim-KC2 = 0x1021324354657687,
>         EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab,
>         EAP-Sim-SRES3 = 0x34abcd12,
>         EAP-Sim-KC3 = 0x30415263748596a7
>
> but when I try to run client.sh, it gets the following logs,
>
> Sending Access-Request packet to host 127.0.0.1 port 1812, id=64, length=0
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> EAP-Code = Response
> EAP-Type-Identity = 0x65617073696d
> Message-Authenticator = 0x30
> NAS-Port = 0
> EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
> EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
> EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
> EAP-Sim-SRES1 = 0x1234abcd
> EAP-Sim-SRES2 = 0x234abcd1
> EAP-Sim-SRES3 = 0x34abcd12
> EAP-Sim-KC1 = 0x0011223344556677
> EAP-Sim-KC2 = 0x1021324354657687
> EAP-Sim-KC3 = 0x30415263748596a7
> EAP-Message = 0x023f000b0165617073696d
> Received Access-Challenge packet from host 127.0.0.1 port 1812, id=64,
> length=78
> EAP-Message = 0x01f30014120a00000f0200020001000011010100
> Message-Authenticator = 0x81ffe249ace5353152e1476e8f7f890b
> State = 0x9a9ec8169a6dda46839134a50c8e1d5d
> EAP-Id = 243
> EAP-Code = Request
> EAP-Type-SIM = 0x0a00000f0200020001000011010100
> Sending Access-Request packet to host 127.0.0.1 port 1812, id=65, length=71
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> EAP-Code = Response
> Message-Authenticator = 0x00000000000000000000000000000000
> NAS-Port = 0
> EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
> EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
> EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
> EAP-Sim-SRES1 = 0x1234abcd
> EAP-Sim-SRES2 = 0x234abcd1
> EAP-Sim-SRES3 = 0x34abcd12
> EAP-Sim-KC1 = 0x0011223344556677
> EAP-Sim-KC2 = 0x1021324354657687
> EAP-Sim-KC3 = 0x30415263748596a7
> EAP-Sim-State = 1
> EAP-Sim-Subtype = Start
> EAP-Sim-SELECTED_VERSION = 0x0001
> EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
> EAP-Sim-IDENTITY = 0x000665617073696d
> EAP-Id = 243
> EAP-Message =
> 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
> State = 0x9a9ec8169a6dda46839134a50c8e1d5d
> Received Access-Challenge packet from host 127.0.0.1 port 1812, id=65,
> length=138
> EAP-Message =
> 0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
> Message-Authenticator = 0x11986571b4665594edefbf3d811efbae
> State = 0x9a9ec8169b6ada46839134a50c8e1d5d
> EAP-Id = 244
> EAP-Code = Request
> EAP-Type-SIM =
> 0x0b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
> Input was:
> identity: (len=6)65617073696d
> nonce_mt: c9615ec963ada36f11bd4e81093a7271
> rand0: 00000000000000000000000000000000
> rand1: 00000000000000000000000000000000
> rand2: 00000000000000000000000000000000
> sres0: 1234abcd
> sres1: 234abcd1
> sres2: 34abcd12
> Kc0: 0011223344556677
> Kc1: 1021324354657687
> Kc2: 30415263748596a7
> versionlist[2]: 0001
> select 00 01
>
> Output
> mk: 8502e062_35537770_2c0a7c2c_9cfc9fc4_dc4d21d6
> K_aut: b89dafa5_99422bee_db010d3a_6dcded9c
> K_encr: d8a6df78_25d9ad9d_2535083c_33a5c1c6
> msk: f5feb9c1_9dbea4dd_cd94b140_17892e4b_f96327cc
>      84b16260_f0e6447b_b201018f_102b2217_bb6717c8
>      351115b9_a8248f46_aa33c120_f6e5979f_b27f1c98
>      69da98ed
> emsk: 8c1c04ef_4b345a29_50980817_563fc216_844d8e0d
>       c2e4bc15_886523be_2e149835_ef850c3e_076722dc
>       e27926e8_d01d1929_3da147a1_62833433_391b8a9a
>       20711dd2
> calculated MAC (c412722f_ab82c18d_f5404f45_da872e93_cd950d07 did not match
> Sending Access-Request packet to host 127.0.0.1 port 1812, id=66,
> length=122
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> EAP-Code = Response
> Message-Authenticator = 0x00000000000000000000000000000000
> NAS-Port = 0
> EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
> EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
> EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
> EAP-Sim-SRES1 = 0x1234abcd
> EAP-Sim-SRES2 = 0x234abcd1
> EAP-Sim-SRES3 = 0x34abcd12
> EAP-Sim-KC1 = 0x0011223344556677
> EAP-Sim-KC2 = 0x1021324354657687
> EAP-Sim-KC3 = 0x30415263748596a7
> EAP-Sim-State = 0
> EAP-Sim-Subtype = Start
> EAP-Sim-SELECTED_VERSION = 0x0001
> EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
> EAP-Sim-IDENTITY = 0x000665617073696d
> EAP-Id = 244
> State = 0x9a9ec8169b6ada46839134a50c8e1d5d
> EAP-Message =
> 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
> Received Access-Challenge packet from host 127.0.0.1 port 1812, id=66,
> length=138
> EAP-Message =
> 0x01f50050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
> Message-Authenticator = 0x6c9b33feb4d0851ed9d2c72e94640cc2
> State = 0x9a9ec816986bda46839134a50c8e1d5d
> EAP-Id = 245
> EAP-Code = Request
> EAP-Type-SIM =
> 0x0b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
> radeapclient: sim in state init message challenge is illegal. Reply
> dropped.
>
> ----------------------------------------------------------------------
> This is the eapsim-in.txt file used in client.sh script
>
> User-Name = "eapsim"
> NAS-IP-Address = marajade.sandelman.ottawa.on.ca
> EAP-Code = Response
> EAP-Type-Identity = "eapsim"
> Message-Authenticator = 0
> NAS-Port = 0
> EAP-Sim-Rand1 = 0xabcd1234abcd1234abcd1234abcd1234
> EAP-Sim-Rand2 = 0xbcd1234abcd1234abcd1234abcd1234a
> EAP-Sim-Rand3 = 0xcd1234abcd1234abcd1234abcd1234ab
> EAP-Sim-Sres1 = 0x1234abcd
> EAP-Sim-Sres2 = 0x234abcd1
> EAP-Sim-Sres3 = 0x34abcd12
> EAP-Sim-KC1 = 0x0011223344556677
> EAP-Sim-KC2 = 0x1021324354657687
> EAP-Sim-KC3 = 0x30415263748596a7
>
> ----------------------------------------------------------------------
>
> while on radius debugging console, it says
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=64,
> length=71
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> Message-Authenticator = 0xcdbcb987fbfe7846c70edb63de2af9bb
> NAS-Port = 0
> EAP-Message = 0x023f000b0165617073696d
> # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "eapsim", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> can not open /usr/local/etc/raddb/simtriplets.dat: No such file or
> directory
> ++[sim_files] returns notfound
> [eap] EAP packet type response id 63 length 11
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry eapsim at line 24
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type sim
> [eap] Underlying EAP-Type set EAP ID to 243
> ++[eap] returns handled
> Sending Access-Challenge of id 64 to 127.0.0.1 port 29859
> EAP-Message = 0x01f30014120a00000f0200020001000011010100
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x9a9ec8169a6dda46839134a50c8e1d5d
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=65,
> length=122
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> Message-Authenticator = 0xa62ac94a97d1f99105aef11ea7f7f802
> NAS-Port = 0
> EAP-Message =
> 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
> State = 0x9a9ec8169a6dda46839134a50c8e1d5d
> # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "eapsim", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> can not open /usr/local/etc/raddb/simtriplets.dat: No such file or
> directory
> ++[sim_files] returns notfound
> [eap] EAP packet type response id 243 length 44
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry eapsim at line 24
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/sim
> [eap] processing type sim
> +++> EAP-sim decoded packet:
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> Message-Authenticator = 0xa62ac94a97d1f99105aef11ea7f7f802
> NAS-Port = 0
> EAP-Message =
> 0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
> State = 0x9a9ec8169a6dda46839134a50c8e1d5d
> EAP-Type = SIM
> EAP-Sim-Subtype = Start
> EAP-Sim-SELECTED_VERSION = 0x0001
> EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
> EAP-Sim-IDENTITY = 0x000665617073696d0000
> [eap] Underlying EAP-Type set EAP ID to 244
> ++[eap] returns handled
> Sending Access-Challenge of id 65 to 127.0.0.1 port 29859
> EAP-Message =
> 0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b050000cd1494bcf2173b38d26c31c3872b60f9
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x9a9ec8169b6ada46839134a50c8e1d5d
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 127.0.0.1 port 29859, id=66,
> length=122
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> Message-Authenticator = 0x0066414e52eb81de434cb323e73182dc
> NAS-Port = 0
> State = 0x9a9ec8169b6ada46839134a50c8e1d5d
> EAP-Message =
> 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
> # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "eapsim", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> can not open /usr/local/etc/raddb/simtriplets.dat: No such file or
> directory
> ++[sim_files] returns notfound
> [eap] EAP packet type response id 244 length 44
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry eapsim at line 24
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/sim
> [eap] processing type sim
> +++> EAP-sim decoded packet:
> User-Name = "eapsim"
> NAS-IP-Address = 209.87.252.247
> Message-Authenticator = 0x0066414e52eb81de434cb323e73182dc
> NAS-Port = 0
> State = 0x9a9ec8169b6ada46839134a50c8e1d5d
> EAP-Message =
> 0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a72710e03000665617073696d0000
> EAP-Type = SIM
> EAP-Sim-Subtype = Start
> EAP-Sim-SELECTED_VERSION = 0x0001
> EAP-Sim-NONCE_MT = 0x0000c9615ec963ada36f11bd4e81093a7271
> EAP-Sim-IDENTITY = 0x000665617073696d0000
> [eap] Underlying EAP-Type set EAP ID to 245
> ++[eap] returns handled
> Sending Access-Challenge of id 66 to 127.0.0.1 port 29859
> EAP-Message =
> 0x01f50050120b0000010d0000abcd1234abcd1234abcd1234abcd1234bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab0b0500006a93d1ff0e02e0b507f2940ce8e59251
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x9a9ec816986bda46839134a50c8e1d5d
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 64 with timestamp +9
> Cleaning up request 1 ID 65 with timestamp +9
> Cleaning up request 2 ID 66 with timestamp +9
> Ready to process requests.
>
> Can anybody help me to identify where I am going wrong, and what are the
> missing steps here.
>
> Thanks in Advance.
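As an aid to reading the EAP-Message values in the log above, here is an added example (not part of the original post and not FreeRADIUS code) that decodes them using the EAP-SIM packet layout from RFC 4186. The function names `parse_eap_sim` and `challenge_rands` are made up for this example; the hex strings are copied from the radeapclient output in the post.

```python
import struct

# Numbers from RFC 4186; only the ones that occur in the log are named.
SUBTYPES = {10: "Start", 11: "Challenge", 12: "Notification", 14: "Client-Error"}
ATTRS = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC", 14: "AT_IDENTITY",
         15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION", 17: "AT_FULLAUTH_ID_REQ"}

def parse_eap_sim(hexstr):
    """Decode one EAP-Message value; attribute lengths count 4-byte words."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(raw) < 8:
        raise ValueError("too short for an EAP-SIM packet")
    code, ident, length, eap_type, subtype = struct.unpack("!BBHBB", raw[:6])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    if eap_type != 18:
        raise ValueError(f"EAP type {eap_type} is not SIM (18)")
    attrs, pos = [], 8  # bytes 6-7 are reserved
    while pos < length:
        at_len = raw[pos + 1] * 4 if pos + 1 < length else 0
        if at_len == 0 or pos + at_len > length:
            raise ValueError(f"bad attribute length at offset {pos}")
        attrs.append((ATTRS.get(raw[pos], f"AT_{raw[pos]}"), raw[pos + 2:pos + at_len]))
        pos += at_len
    return {"code": {1: "Request", 2: "Response"}.get(code, code), "id": ident,
            "subtype": SUBTYPES.get(subtype, subtype), "attrs": attrs}

def challenge_rands(pkt):
    """Split AT_RAND (2 reserved bytes, then 16-byte RANDs) into hex strings."""
    for name, value in pkt["attrs"]:
        if name == "AT_RAND":
            return [value[i:i + 16].hex() for i in range(2, len(value), 16)]
    return []

# EAP-Message values copied from the radeapclient log in the post, in order.
LOG_MESSAGES = [
    "0x01f30014120a00000f0200020001000011010100",
    "0x02f3002c120a00001001000107050000c9615ec963ada36f11bd4e81093a7271"
    "0e03000665617073696d0000",
    "0x01f40050120b0000010d0000abcd1234abcd1234abcd1234abcd1234"
    "bcd1234abcd1234abcd1234abcd1234acd1234abcd1234abcd1234abcd1234ab"
    "0b050000cd1494bcf2173b38d26c31c3872b60f9",
    "0x02f4002c120a00001001000107050000c9615ec963ada36f11bd4e81093a7271"
    "0e03000665617073696d0000",
]

if __name__ == "__main__":
    for msg in LOG_MESSAGES:
        p = parse_eap_sim(msg)
        print(p["code"], p["id"], p["subtype"], [n for n, _ in p["attrs"]])
```

Run over the four messages, it shows Request/Start (id 243), Response/Start (id 243), Request/Challenge (id 244), and then a second Response/Start (id 244) rather than a Challenge response. The RAND values returned by `challenge_rands` for the Challenge can be compared with the `rand0`..`rand2` lines in the client's "Input was:" dump.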