Get Authentication Reject (HRES* Validation Failure ) from AMF using a external gnb

,

Dear free5gc support,

I’m using an external gnb simulator, in Registration procedure, UE got authentication reject from AMF after UE sends authentication response. Would you pls help.
Thanks a lot!

And here is my UE data in mongodb:

db.subscriptionData.authenticationData.authenticationSubscription.find()
{ “_id” : ObjectId(“5f2b3da520781a45a76133f5”), “permanentKey” : { “encryptionKey” : 0, “encryptionAlgorithm” : 0, “permanentKeyValue” : “8baf473f2f8fd09487cccbd7097c6862” }, “sequenceNumber” : “16f3b3f70fc2”, “authenticationManagementField” : “8000”, “milenage” : { “op” : { “encryptionAlgorithm” : 0, “opValue” : “8e27b6af0e692e750f32667a3b14605d”, “encryptionKey” : 0 } }, “opc” : { “opcValue” : “”, “encryptionKey” : 0, “encryptionAlgorithm” : 0 }, “ueId” : “imsi-2089300007487”, “authenticationMethod” : “5G_AKA” }

Below is log from AMF, would you pls help on what is the reason:
Detailed log pls see attached log.

2020/09/16 07:03:35 map[$and:[map[nfType:UDM] map[$or:[map[allowedNfTypes:AUSF] map[allowedNfTypes:map[$exists:false]]]] map[nfServices:map[$elemMatch:map[nfServiceStatus:REGISTERED serviceName:map[$in:[nudm-ueau]]]]]]]
[GIN] 2020/09/16 - 07:03:35 | 200 | 8.505044ms | 127.0.0.1 | GET /nnrf-disc/v1/nf-instances?requester-nf-type=AUSF&service-names=nudm-ueau&target-nf-type=UDM
INFO[2020-09-16T07:03:35Z]/lib/util_3gpp/suci/toSupi.go:260 free5gc/lib/util_3gpp/suci.ToSupi() suciPart [suci 0 208 93 0 0 0 00007487] UDM=UEAU
INFO[2020-09-16T07:03:35Z]/lib/util_3gpp/suci/toSupi.go:278 free5gc/lib/util_3gpp/suci.ToSupi() scheme 0 UDM=UEAU
INFO[2020-09-16T07:03:35Z]/lib/util_3gpp/suci/toSupi.go:285 free5gc/lib/util_3gpp/suci.ToSupi() SUPI type is IMSI UDM=UEAU
INFO[2020-09-16T07:03:35Z]/src/udm/producer/generate_auth_data.go:35 free5gc/src/udm/producer.HandleGenerateAuthData() supi conversion => imsi-2089300007487 UDM=UEAU
[GIN] 2020/09/16 - 07:03:35 | 200 | 1.860117ms | 127.0.0.1 | GET /nudr-dr/v1/subscription-data/imsi-2089300007487/authentication-data/authentication-subscription
INFO[2020-09-16T07:03:35Z]/src/udm/producer/generate_auth_data.go:103 free5gc/src/udm/producer.HandleGenerateAuthData() Nil Opc UDM=UEAU
[GIN] 2020/09/16 - 07:03:35 | 200 | 4.012561ms | 127.0.0.1 | POST /nudm-ueau/v1/suci-0-208-93-0-0-0-00007487/security-information/generate-auth-data
INFO[2020-09-16T07:03:35Z]/src/ausf/producer/ue_authentication.go:124 free5gc/src/ausf/producer.UeAuthPostRequestProcedure() Add SuciSupiPair (suci-0-208-93-0-0-0-00007487, imsi-2089300007487) to map. AUSF=UeAuthPost
INFO[2020-09-16T07:03:35Z]/src/ausf/producer/ue_authentication.go:130 free5gc/src/ausf/producer.UeAuthPostRequestProcedure() Use 5G AKA auth method AUSF=UeAuthPost
INFO[2020-09-16T07:03:35Z]/src/ausf/producer/ue_authentication.go:138 free5gc/src/ausf/producer.UeAuthPostRequestProcedure() XresStar = 3861626262613463626463386338333136376262393436343737653132303966 AUSF=5gAkaComfirm
[GIN] 2020/09/16 - 07:03:35 | 201 | 16.429053ms | 127.0.0.1 | POST /nausf-auth/v1/ue-authentications
INFO[2020-09-16T07:03:35Z]/src/amf/gmm/message/send.go:65 free5gc/src/amf/gmm/message.SendAuthenticationRequest() [NAS] Send Authentication Request[Retry: 0] AMF=Gmm
INFO[2020-09-16T07:03:35Z]/src/amf/ngap/message/send.go:138 free5gc/src/amf/ngap/message.SendDownlinkNasTransport() [AMF] Send Downlink Nas Transport AMF=NGAP
INFO[2020-09-16T07:03:35Z]/src/amf/ngap/handler.go:180 free5gc/src/amf/ngap.HandleUplinkNasTransport() [AMF] Uplink Nas Transport AMF=NGAP
INFO[2020-09-16T07:03:35Z]/src/amf/gmm/handler.go:1957 free5gc/src/amf/gmm.HandleAuthenticationResponse() [AMF] Handle Authentication Response AMF=Gmm
ERRO[2020-09-16T07:03:35Z]/src/amf/gmm/handler.go:1981 free5gc/src/amf/gmm.HandleAuthenticationResponse() HRES* Validation Failure AMF=Gmm
INFO[2020-09-16T07:03:35Z]/src/amf/gmm/message/send.go:109 free5gc/src/amf/gmm/message.SendAuthenticationReject() [NAS] Send Authentication Reject AMF=Gmm
INFO[2020-09-16T07:03:35Z]/src/amf/ngap/message/send.go:138 free5gc/src/amf/ngap/message.SendDownlinkNasTransport() [AMF] Send Downlink Nas Transport AMF=NGAP
2020/09/16 07:03:41 timer closed

Br,
Andrewfree5gc-amf-authen-rej.txt (5.0 KB)

Hi,

Is there any pcap file that we can try to check on it?

Hi free5GC,
FYI that after I successfully insert authenticationSubscription data into my free5gc mongodb, this issue is gone.
Thanks.