Hi again,

This is your problem. This is an EAP-AKA/SIM "Client error" packet.

02 - eap response
f7 - ID
000c - length
12 - EAP-SIM
0e - subtype 14 - client error
000016010000 - client error junk

Hmmm interesting.  But how can it be working on 2.1.12 with the exact
same client and config?  Maybe I can retry with 2.2.0 and see if I still
get this error on multiple retries.  I'll get back to you.

No go with 2.2.0, tried with multiple clients. I got you a trace from 2.1.12, maybe you can see the difference:

rad_recv: Access-Request packet from host 10.0.0.24 port 1051, id=84, length=298
        User-Name = "[email protected]"
        Calling-Station-Id = "5C-59-48-ED-C4-96"
        NAS-IP-Address = 10.0.0.24
        NAS-Port = 1
        Called-Station-Id = "50-A7-33-31-CF-B8:PacketFence-Ruckus"
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "50-A7-33-31-CF-B8"
        Connect-Info = "CONNECT 802.11g"
        EAP-Message = 0x02000038013133303237323033303539333439353340776c616e2e6d6e633732302e6d63633330322e336770706e6574776f726b2e6f7267
        Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
        Message-Authenticator = 0xe41d2cabb012a327e68e0ef19e187cfa
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] Looking up realm "wlan.mnc720.mcc302.3gppnetwork.org" for User-Name = "[email protected]"
[suffix] No such realm "wlan.mnc720.mcc302.3gppnetwork.org"
++[suffix] returns noop
++[preprocess] returns ok
rlm_sim_files: authorized user/imsi [email protected]
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 0 length 56
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Called-Station-Id = 50-A7-33-31-CF-B8:PacketFence-Ruckus
rlm_perl: Added pair Calling-Station-Id = 5C-59-48-ED-C4-96
rlm_perl: Added pair Message-Authenticator = 0xe41d2cabb012a327e68e0ef19e187cfa
rlm_perl: Added pair Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair NAS-Identifier = 50-A7-33-31-CF-B8
rlm_perl: Added pair EAP-Message = 0x02000038013133303237323033303539333439353340776c616e2e6d6e633732302e6d63633330322e336770706e6574776f726b2e6f7267
rlm_perl: Added pair Connect-Info = CONNECT 802.11g
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 10.0.0.24
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair EAP-Sim-Rand3 = 0x658719018376aab4d2a5ccde7a21b651
rlm_perl: Added pair EAP-Sim-Rand2 = 0x12314312514145bbdede1d3a5d7d8d81
rlm_perl: Added pair EAP-Sim-SRES1 = 0x4b0bd392
rlm_perl: Added pair EAP-Sim-SRES2 = 0x3fde44f1
rlm_perl: Added pair EAP-Sim-KC1 = 0x838482d6086d5505
rlm_perl: Added pair EAP-Sim-Rand1 = 0x512317ac521bade521831aa3a3a51231
rlm_perl: Added pair EAP-Sim-KC3 = 0x9f62a11a186fb409
rlm_perl: Added pair EAP-Sim-KC2 = 0xb9ea43fb85bca1a1
rlm_perl: Added pair EAP-Sim-SRES3 = 0x1ed3946d
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = SIM
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 26
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 84 to 10.0.0.24 port 1051
        EAP-Message = 0x011a0014120a00000f0200020001000011010100
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6594e662658ef44f2c778a0c39bde699
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.24 port 1051, id=85, length=348
        User-Name = "[email protected]"
        Calling-Station-Id = "5C-59-48-ED-C4-96"
        NAS-IP-Address = 10.0.0.24
        NAS-Port = 1
        Called-Station-Id = "50-A7-33-31-CF-B8:PacketFence-Ruckus"
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "50-A7-33-31-CF-B8"
        Connect-Info = "CONNECT 802.11g"
        EAP-Message = 0x021a0058120a00000e0e00333133303237323033303539333439353340776c616e2e6d6e633732302e6d63633330322e336770706e6574776f726b2e6f726700100100010705000005f0ed522fe4c61aaef4c1488151e370
        State = 0x6594e662658ef44f2c778a0c39bde699
        Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
        Message-Authenticator = 0x7f5a27e0a1425fa5cd18f46bb0f5b1ef
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] Looking up realm "wlan.mnc720.mcc302.3gppnetwork.org" for User-Name = "[email protected]"
[suffix] No such realm "wlan.mnc720.mcc302.3gppnetwork.org"
++[suffix] returns noop
++[preprocess] returns ok
rlm_sim_files: authorized user/imsi [email protected]
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 26 length 88
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair State = 0x6594e662658ef44f2c778a0c39bde699
rlm_perl: Added pair Called-Station-Id = 50-A7-33-31-CF-B8:PacketFence-Ruckus
rlm_perl: Added pair Calling-Station-Id = 5C-59-48-ED-C4-96
rlm_perl: Added pair Message-Authenticator = 0x7f5a27e0a1425fa5cd18f46bb0f5b1ef
rlm_perl: Added pair Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair NAS-Identifier = 50-A7-33-31-CF-B8
rlm_perl: Added pair EAP-Message = 0x021a0058120a00000e0e00333133303237323033303539333439353340776c616e2e6d6e633732302e6d63633330322e336770706e6574776f726b2e6f726700100100010705000005f0ed522fe4c61aaef4c1488151e370
rlm_perl: Added pair Connect-Info = CONNECT 802.11g
rlm_perl: Added pair EAP-Type = SIM
rlm_perl: Added pair NAS-IP-Address = 10.0.0.24
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair EAP-Sim-Rand3 = 0x658719018376aab4d2a5ccde7a21b651
rlm_perl: Added pair EAP-Sim-Rand2 = 0x12314312514145bbdede1d3a5d7d8d81
rlm_perl: Added pair EAP-Sim-SRES1 = 0x4b0bd392
rlm_perl: Added pair EAP-Sim-SRES2 = 0x3fde44f1
rlm_perl: Added pair EAP-Sim-KC1 = 0x838482d6086d5505
rlm_perl: Added pair EAP-Sim-Rand1 = 0x512317ac521bade521831aa3a3a51231
rlm_perl: Added pair EAP-Sim-KC3 = 0x9f62a11a186fb409
rlm_perl: Added pair EAP-Sim-KC2 = 0xb9ea43fb85bca1a1
rlm_perl: Added pair EAP-Sim-SRES3 = 0x1ed3946d
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = SIM
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++> EAP-sim decoded packet:
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        State = 0x6594e662658ef44f2c778a0c39bde699
        Called-Station-Id = "50-A7-33-31-CF-B8:PacketFence-Ruckus"
        Calling-Station-Id = "5C-59-48-ED-C4-96"
        Message-Authenticator = 0x7f5a27e0a1425fa5cd18f46bb0f5b1ef
        Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
        User-Name = "[email protected]"
        NAS-Identifier = "50-A7-33-31-CF-B8"
        EAP-Message = 0x021a0058120a00000e0e00333133303237323033303539333439353340776c616e2e6d6e633732302e6d63633330322e336770706e6574776f726b2e6f726700100100010705000005f0ed522fe4c61aaef4c1488151e370
        Connect-Info = "CONNECT 802.11g"
        EAP-Type = SIM
        NAS-IP-Address = 10.0.0.24
        NAS-Port = 1
        Framed-MTU = 1400
        EAP-Sim-Subtype = Start
        EAP-Sim-IDENTITY = 0x00333133303237323033303539333439353340776c616e2e6d6e633732302e6d63633330322e336770706e6574776f726b2e6f726700
        EAP-Sim-SELECTED_VERSION = 0x0001
        EAP-Sim-NONCE_MT = 0x000005f0ed522fe4c61aaef4c1488151e370
[eap] Underlying EAP-Type set EAP ID to 27
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 85 to 10.0.0.24 port 1051
        EAP-Message = 0x011b0050120b0000010d0000512317ac521bade521831aa3a3a5123112314312514145bbdede1d3a5d7d8d81658719018376aab4d2a5ccde7a21b6510b050000cbf0403a4e9eb5001804115677697857
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6594e662648ff44f2c778a0c39bde699
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.24 port 1051, id=86, length=288
        User-Name = "[email protected]"
        Calling-Station-Id = "5C-59-48-ED-C4-96"
        NAS-IP-Address = 10.0.0.24
        NAS-Port = 1
        Called-Station-Id = "50-A7-33-31-CF-B8:PacketFence-Ruckus"
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "50-A7-33-31-CF-B8"
        Connect-Info = "CONNECT 802.11g"
        EAP-Message = 0x021b001c120b00000b0500005ce51fee12ba6c52690ac927bc4451a2
        State = 0x6594e662648ff44f2c778a0c39bde699
        Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
        Message-Authenticator = 0x973d4bff61816c94815b6990fbfe99c4
server packetfence {
# Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] Looking up realm "wlan.mnc720.mcc302.3gppnetwork.org" for User-Name = "[email protected]"
[suffix] No such realm "wlan.mnc720.mcc302.3gppnetwork.org"
++[suffix] returns noop
++[preprocess] returns ok
rlm_sim_files: authorized user/imsi [email protected]
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
[eap] EAP packet type response id 27 length 28
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair State = 0x6594e662648ff44f2c778a0c39bde699
rlm_perl: Added pair Called-Station-Id = 50-A7-33-31-CF-B8:PacketFence-Ruckus
rlm_perl: Added pair Calling-Station-Id = 5C-59-48-ED-C4-96
rlm_perl: Added pair Message-Authenticator = 0x973d4bff61816c94815b6990fbfe99c4
rlm_perl: Added pair Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair NAS-Identifier = 50-A7-33-31-CF-B8
rlm_perl: Added pair EAP-Message = 0x021b001c120b00000b0500005ce51fee12ba6c52690ac927bc4451a2
rlm_perl: Added pair Connect-Info = CONNECT 802.11g
rlm_perl: Added pair EAP-Type = SIM
rlm_perl: Added pair NAS-IP-Address = 10.0.0.24
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair EAP-Sim-Rand3 = 0x658719018376aab4d2a5ccde7a21b651
rlm_perl: Added pair EAP-Sim-Rand2 = 0x12314312514145bbdede1d3a5d7d8d81
rlm_perl: Added pair EAP-Sim-SRES1 = 0x4b0bd392
rlm_perl: Added pair EAP-Sim-SRES2 = 0x3fde44f1
rlm_perl: Added pair EAP-Sim-KC1 = 0x838482d6086d5505
rlm_perl: Added pair EAP-Sim-Rand1 = 0x512317ac521bade521831aa3a3a51231
rlm_perl: Added pair EAP-Sim-KC3 = 0x9f62a11a186fb409
rlm_perl: Added pair EAP-Sim-KC2 = 0xb9ea43fb85bca1a1
rlm_perl: Added pair EAP-Sim-SRES3 = 0x1ed3946d
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = SIM
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
MAC check succeed
[eap] Underlying EAP-Type set EAP ID to 28
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /usr/local/pf/raddb/sites-enabled/packetfence
+- entering group post-auth {...}
++[exec] returns noop
rlm_perl: Returning vlan 10 to request from 5c:59:48:ed:c4:96 port 1
rlm_perl: PacketFence RESULT RESPONSE CODE: 2 (2 means OK)
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Called-Station-Id = 50-A7-33-31-CF-B8:PacketFence-Ruckus
rlm_perl: Added pair State = 0x6594e662648ff44f2c778a0c39bde699
rlm_perl: Added pair Message-Authenticator = 0x973d4bff61816c94815b6990fbfe99c4
rlm_perl: Added pair Vendor-25053-Attr-3 = 0x5061636b657446656e63652d5275636b7573
rlm_perl: Added pair Connect-Info = CONNECT 802.11g
rlm_perl: Added pair NAS-IP-Address = 10.0.0.24
rlm_perl: Added pair EAP-Type = SIM
rlm_perl: Added pair Calling-Station-Id = 5C-59-48-ED-C4-96
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair EAP-Sim-Subtype = Challenge
rlm_perl: Added pair NAS-Identifier = 50-A7-33-31-CF-B8
rlm_perl: Added pair EAP-Message = 0x021b001c120b00000b0500005ce51fee12ba6c52690ac927bc4451a2
rlm_perl: Added pair EAP-Sim-MAC = 0x00005ce51fee12ba6c52690ac927bc4451a2
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair EAP-Sim-Rand3 = 0x658719018376aab4d2a5ccde7a21b651
rlm_perl: Added pair EAP-Sim-SRES1 = 0x4b0bd392
rlm_perl: Added pair EAP-Id = 28
rlm_perl: Added pair MS-MPPE-Send-Key = 0xa7b5d6ea41e522f2d8a5b46febddca821c76e01de9c401fc1d469fa02a499429
rlm_perl: Added pair Tunnel-Type = 13
rlm_perl: Added pair EAP-Sim-KC1 = 0x838482d6086d5505
rlm_perl: Added pair EAP-Sim-Rand1 = 0x512317ac521bade521831aa3a3a51231
rlm_perl: Added pair Message-Authenticator = 0x00000000000000000000000000000000
rlm_perl: Added pair Tunnel-Private-Group-ID = 10
rlm_perl: Added pair EAP-Sim-KC3 = 0x9f62a11a186fb409
rlm_perl: Added pair EAP-Sim-Rand2 = 0x12314312514145bbdede1d3a5d7d8d81
rlm_perl: Added pair Tunnel-Medium-Type = 6
rlm_perl: Added pair EAP-Sim-SRES2 = 0x3fde44f1
rlm_perl: Added pair User-Name = [email protected]
rlm_perl: Added pair MS-MPPE-Recv-Key = 0x6d540f94b0b70378232cb2d9e5fd90e4c6e11e57902b61d5642bc83de1b6dbfa
rlm_perl: Added pair EAP-Message = 0x031c0004
rlm_perl: Added pair EAP-Sim-KC2 = 0xb9ea43fb85bca1a1
rlm_perl: Added pair EAP-Sim-SRES3 = 0x1ed3946d
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair EAP-Type = SIM
++[packetfence] returns ok
} # server packetfence
Sending Access-Accept of id 86 to 10.0.0.24 port 1051
        MS-MPPE-Send-Key = 0xa7b5d6ea41e522f2d8a5b46febddca821c76e01de9c401fc1d469fa02a499429
        Tunnel-Type:0 = VLAN
        Message-Authenticator = 0x00000000000000000000000000000000
        Tunnel-Private-Group-Id:0 = "10"
        Tunnel-Medium-Type:0 = IEEE-802
        User-Name = "[email protected]"
        MS-MPPE-Recv-Key = 0x6d540f94b0b70378232cb2d9e5fd90e4c6e11e57902b61d5642bc83de1b6dbfa
        EAP-Message = 0x031c0004
Finished request 2.

Thanks!


--
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)