Closed forwardpointer closed 2 years ago
Unexpected behaviour (obvious or verified by project member)
The typo can be found in the master branch.
In the default configuration file provided in raddb/sites-available/eap-aka-sim, there are optional sections called Start-Request and Start-Response:

```
#	send Start-Request {
#		ok
#	}
#	recv Start-Response {
#		ok
#	}
```
However, the corresponding name that freeradius looks for is found in src/process/eap_sim/base.c:

```c
/*
 *	Optional override sections if the user *really*
 *	wants to apply special policies for subsequent
 *	request/response rounds.
 */
{
	.name = "send",
	.name2 = "Start",	// <------------ should be Start-Request
	.component = MOD_AUTHORIZE,
	.offset = offsetof(eap_aka_sim_process_conf_t, actions.send_sim_start_request)
},
{
	.name = "recv",
	.name2 = "Start",	// <------------ should be Start-Response
	.component = MOD_AUTHORIZE,
	.offset = offsetof(eap_aka_sim_process_conf_t, actions.recv_sim_start_response)
},
```
If the user wants to apply special policies for EAP-SIM then the default configuration file provided would not work for them.
Log output from the FreeRADIUS daemon

```
Info : FreeRADIUS Version 4.0.0
[...]
Debug : Compiling policies in server eap-aka-sim { ... }
Debug : Compiling policies in - recv Identity-Response {...}
Debug : Compiling policies in - send Identity-Request {...}
Debug : Compiling policies in - send Challenge-Request {...}
Debug : Compiling policies in - recv Challenge-Response {...}
Debug : Compiling policies in - send Reauthentication-Request {...}
Debug : Compiling policies in - recv Reauthentication-Response {...}
Debug : Compiling policies in - recv Client-Error {...}
Debug : Compiling policies in - recv Authentication-Reject {...}
Debug : Compiling policies in - send Failure-Notification {...}
Debug : Compiling policies in - recv Failure-Notification-ACK {...}
Debug : Compiling policies in - send Success-Notification {...}
Debug : Compiling policies in - recv Success-Notification-ACK {...}
Debug : Compiling policies in - send EAP-Success {...}
Debug : Compiling policies in - store session {...}
Debug : Compiling policies in - load session {...}
Debug : Compiling policies in - clear session {...}
Debug : Compiling policies in - store pseudonym {...}
Debug : Compiling policies in - load pseudonym {...}
Debug : Compiling policies in - clear pseudonym {...}
Warn : /etc/freeradius/sites-enabled/eap-aka-sim[214]: send Start-Request { ... } section is unused
Warn : /etc/freeradius/sites-enabled/eap-aka-sim[231]: recv Start-Response { ... } section is unused
Warn : /etc/freeradius/sites-enabled/eap-aka-sim[525]: recv Synchronization-Failure { ... } section is unused
Warn : /etc/freeradius/sites-enabled/eap-aka-sim[583]: recv EAP-Failure { ... } section is unused
Warn : eap-aka { ... } section is unused
[...]
```
They've changed names a few times. Thanks for opening an issue for this, I've pushed a fix.
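The `section is unused` warnings in the daemon log are the only sign that the `send Start-Request` and `recv Start-Response` policies never run. As an added example (not part of the issue thread or of FreeRADIUS), this Python check pulls those warnings out of debug output so a configuration test can fail on them; the sample lines are copied from the log quoted in the issue, and the function and class names are hypothetical.

```python
import re
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input: a few lines in the format of the debug log quoted in the issue.
SAMPLE_LOG = """\
Debug : Compiling policies in server eap-aka-sim { ... }
Debug : Compiling policies in - recv Identity-Response {...}
Debug : Compiling policies in - send Challenge-Request {...}
Warn : /etc/freeradius/sites-enabled/eap-aka-sim[214]: send Start-Request { ... } section is unused
Warn : /etc/freeradius/sites-enabled/eap-aka-sim[231]: recv Start-Response { ... } section is unused
Warn : eap-aka { ... } section is unused
Debug : Compiling policies in server inner-tunnel { ... }
Debug : Compiling policies in - recv Access-Request {...}
Warn : /etc/freeradius/sites-enabled/inner-tunnel[124]: Ignoring "-sql" as the "sql" module is not enabled.
Warn : radius { ... } section is unused
"""

SERVER_RE = re.compile(r"^Debug\s*:\s*Compiling policies in server (\S+) \{")
COMPILED_RE = re.compile(r"^Debug\s*:\s*Compiling policies in - (\S+) (\S+) \{")
# The file[line] prefix and the second section name are both optional.
UNUSED_RE = re.compile(
    r"^Warn\s*:\s*(?:(?P<file>\S+)\[(?P<line>\d+)\]:\s*)?"
    r"(?P<name1>\S+)(?: (?P<name2>\S+))? \{ \.\.\. \} section is unused$"
)


@dataclass(frozen=True)
class Unused:
    server: Optional[str]   # virtual server being compiled when the warning appeared
    file: Optional[str]
    line: Optional[int]
    name1: str
    name2: Optional[str]    # None for single-name sections such as "eap-aka { ... }"


def parse_debug_output(text):
    """Return (compiled sections per virtual server, list of unused sections)."""
    compiled = defaultdict(set)
    unused = []
    server = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVER_RE.match(line)
        if m:
            server = m.group(1)
            continue
        m = COMPILED_RE.match(line)
        if m:
            compiled[server].add((m.group(1), m.group(2)))
            continue
        m = UNUSED_RE.match(line)
        if m:
            lineno = int(m["line"]) if m["line"] else None
            unused.append(Unused(server, m["file"], lineno, m["name1"], m["name2"]))
    return dict(compiled), unused


def policy_gaps(unused, allow=frozenset()):
    """Two-name sections (e.g. 'send Start-Request') that were written but never compiled.

    `allow` holds (server, name1, name2) tuples that are known and accepted.
    """
    return [
        u for u in unused
        if u.name2 is not None and (u.server, u.name1, u.name2) not in allow
    ]


if __name__ == "__main__":
    # Read debug output from a pipe, or fall back to the embedded sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    _, unused_sections = parse_debug_output(text)
    gaps = policy_gaps(unused_sections)
    for g in gaps:
        where = f"{g.file}:{g.line}" if g.file else "(no file)"
        print(f"policy never runs: server={g.server} {g.name1} {g.name2} at {where}")
    sys.exit(1 if gaps else 0)
```

Piping the server's debug output into the script makes it exit non-zero whenever a written policy section was not picked up, which turns a warning buried in startup output into a failing check.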