Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SBR Carrier] Log message: 'Did not recv a Useful Identity'. What does it mean?

0

0

Article ID: KB11493 KB Last Updated: 27 Mar 2020Version: 5.0
Summary:
As per the EAP-SIM and EAP-AKA RFCs, SBR Carrier will reject an identity if the preceding digit is not the correct format; "0" for AKA and "1"for SIM.
Symptoms:

Receive the following in the log message, what does it indicate?

05/05/2008 11:47:07 (93) simauth INFO: ProcessEapResponse - Current state is STATE_NEGOTIATING. Next state is STATE_PROCESSING.
05/05/2008 11:47:07 (93) simauth (AKA) WARNING: ParseIdentity '<User>': IDENTITY_TYPE_NONE.
05/05/2008 11:47:07 (93) simauth (AKA) WARNING: HandleIdentity - Did not recv a useful identity. Request new identity.
05/05/2008 11:47:07 (93) simauth INFO: CEAPSIMSubProtocol::Authenticate - Authentication to continue.
05/05/2008 11:47:07 (93) Sent challenge response for user <User-Name> to client <NAS IP>
Solution:

EAP-SIM and EAP-AKA RFC information:

Per RFC 4186 Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)
Section 4.2.1.6.

Format of the Permanent Username- The non-pseudonym permanent username SHOULD be derived from the IMSI. In this case, the permanent username MUST be of the format "1" | IMSI, where the character "|" denotes concatenation.

In other words, the first character of the username is the digit one (ASCII value 31 hexadecimal), followed by the IMSI. The IMSI is encoded as an ASCII string that consists of not more than 15 decimal digits (ASCII values between 30 and 39 hexadecimal), one character per IMSI digit, in the order specified in [GSM-03.03].

For example, a permanent username derived from the IMSI 295023820005424 would be encoded as the ASCII string "1295023820005424" (byte values in hexadecimal notation: 31 32 39 35 30 32 33 38 32 30 30 30 35 34 32 34). The EAP server MAY use the leading "1" as a hint to try EAP-SIM as the first authentication method during method negotiation, rather than, for example EAP/AKA. The EAP-SIM server MAY propose EAP-SIM, even if the leading character was not "1".
 

Per 4187 Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
Section 4.1.1.6.

Format of the Permanent Username - The non-pseudonym permanent username SHOULD be derived from the IMSI. In this case, the permanent username MUST be of the format "0" | IMSI, where the character "|" denotes concatenation.

In other words, the first character of the username is the digit zero (ASCII value 30 hexadecimal), followed by the IMSI. The IMSI is an ASCII string that consists of not more than 15 decimal digits (ASCII values between 30 and 39 hexadecimal), one character per IMSI digit, in the order as specified in [TS23.003].

For example, a permanent username derived from the IMSI 295023820005424 would be encoded as the ASCII string "0295023820005424" (byte values in hexadecimal notation: 30 32 39 35 30 32 33 38 32 30 30 30 35 34 32 34) The EAP server MAY use the leading "0" as a hint to try EAP-AKA as the first authentication method during method negotiation, rather than using, for example, EAP-SIM. The EAP-AKA server MAY propose EAP-AKA even if the leading character was not "0".
Modification History:
2020-03-26: Changed from SBR SIM Server to SBR Carrier. Also, changed user information.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search