Ok, I'm reading the RFC/memo thingy (from 2006) on EAP-SIM. One of the first thing that catches my eye is the following statement: The RADIUS server in a productive environment needs for EAP-SIM/AKA access to the home location register (HLR) of the MNO where the (U)SIMs are registered. For testing a file with precreated values for authentication is sufficient. HLR of the MNO. Does this mean that freeradius needs access to a mobile network operator's database? How easy/likely is this? does anyone actually bother to do this in their production environment? It seems there is a hack for testing purposes only, I'm assuming this means somehow extracting the relevant information from the device itself and then hardcoding this in to a config file, which would be impractical if we're managing any more than a handful of devices. On Tue, Feb 2, 2016 at 11:59 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Feb 2, 2016, at 2:16 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
Where can I find an explanation of this users-example.txt file? I don't know what I'm looking at. What are these fields, where do they come from, which configuration file is this information supposed to reside in?
It's an example of the "users" file. In v3, that's raddb/mods-config/files/authorize
The contents are just attributes. The attributes are magic attributes needed by EAP-SIM. i.e. the SIM triplets.
i.e. you'll need to understand the EAP-SIM protocol before being able to use the "sim" module. You can't just set a password, and have the server figure it out.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ---