EAP-SIM Module Failed to Load

Iliya Peregoudov iperegudov at cboss.ru
Tue Aug 27 09:54:58 CEST 2013


On 27.08.2013 10:57, ken.farrington wrote:
> Many thanks indeed.  Are you saying I can just take out sim_files from
> the authorise in the default file and it should work anyway?
> If so, fantastic :)

My raddb/sites-enabled/default:

authorize {
   preprocess
   auth_log
   chap
   mschap
   suffix
   eap {
     ok = return
   }
   files
   pap
}

My raddb/users:

1250016490216808@wlan.mnc001.mcc250.3gppnetwork.org
         EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
         EAP-Sim-RAND2 = 0x100446e9e8f553a9d87d0444a44b6cf5,
         EAP-Sim-RAND3 = 0x753fdfc2d7e834002557a069462a1fa5,
         EAP-Sim-SRES1 = 0x5dc9a406,
         EAP-Sim-SRES2 = 0x3b3f8ea3,
         EAP-Sim-SRES3 = 0x85bb8aeb,
         EAP-Sim-KC1 = 0x75e85aff085e917b,
         EAP-Sim-KC2 = 0x3055d76de12f1772,
         EAP-Sim-KC3 = 0x81806503efeebec1

1250016490216808@wlan.mnc001.mcc250.3gppnetwork.org is a decorated
permanent identity for IMSI 250016490216808.

(EAP-Sim-RAND1, EAP-Sim-SRES1, EAP-Sim-KC1) is an authentication vector
(aka GSM triplet). rlm_eap_sim requires three GSM triplets to be available.

You can extract the IMSI and GSM triplets from the SIM card using a smart
card reader and the agsm2 program (http://agsm.sourceforge.net).

Note this will always use the same GSM triplets for authentication and
consequently the same master session key (MSK) for encryption. You need to
integrate with an HLR to retrieve truly random GSM triplets. Usually this
is done by some sort of RADIUS-to-MAP gateway, like Cisco ITP.
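
Added example (not part of the message above and not FreeRADIUS code): a small Python check for static entries in the raddb/users layout shown in the post. It confirms that each identity carries three complete triplets with RAND, SRES and Kc of 16, 4 and 8 bytes and that the RAND values differ. The identities and hex values in SAMPLE are constructed, and the function names are hypothetical.

```python
import re

# GSM triplet field sizes in bytes: RAND is 128 bits, SRES 32 bits, Kc 64 bits.
FIELD_BYTES = {"RAND": 16, "SRES": 4, "KC": 8}
ATTR_RE = re.compile(r"EAP-Sim-(RAND|SRES|KC)([1-3])\s*=\s*0x([0-9a-fA-F]*)", re.I)

def parse_users(text):
    """Map each identity to {(field, index): hex string} from users-file text."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # an unindented line opens a new entry
            current = entries.setdefault(line.split()[0], {})
        if current is not None:
            for field, idx, hexval in ATTR_RE.findall(line):
                current[(field.upper(), idx)] = hexval.lower()
    return entries

def check_entry(attrs):
    """Return the problems that leave an entry without three well-formed triplets."""
    problems = []
    for idx in "123":
        for field, size in FIELD_BYTES.items():
            value = attrs.get((field, idx))
            if value is None:
                problems.append(f"missing EAP-Sim-{field}{idx}")
            elif len(value) != 2 * size:
                problems.append(f"EAP-Sim-{field}{idx}: {len(value)} hex digits, expected {2 * size}")
    # A peer can reject a challenge that repeats a RAND, so require distinct values.
    rands = [attrs[("RAND", i)] for i in "123" if ("RAND", i) in attrs]
    if len(set(rands)) != len(rands):
        problems.append("RAND values are not distinct")
    return problems

def lint_users(text):
    """Check every entry in the text and return {identity: [problems]}."""
    return {ident: check_entry(attrs) for ident, attrs in parse_users(text).items()}

# Constructed sample (not real SIM data): the first entry is complete, the second is not.
SAMPLE = """\
1001010000000001@wlan.mnc001.mcc001.3gppnetwork.org
        EAP-Sim-RAND1 = 0x000102030405060708090a0b0c0d0e0f, EAP-Sim-SRES1 = 0x0a0b0c0d, EAP-Sim-KC1 = 0x0001020304050607,
        EAP-Sim-RAND2 = 0x101112131415161718191a1b1c1d1e1f, EAP-Sim-SRES2 = 0x1a1b1c1d, EAP-Sim-KC2 = 0x1011121314151617,
        EAP-Sim-RAND3 = 0x202122232425262728292a2b2c2d2e2f, EAP-Sim-SRES3 = 0x2a2b2c2d, EAP-Sim-KC3 = 0x2021222324252627
1001010000000002@wlan.mnc001.mcc001.3gppnetwork.org
        EAP-Sim-RAND1 = 0x11111111111111111111111111111111, EAP-Sim-SRES1 = 0xaabbcc, EAP-Sim-KC1 = 0x0102030405060708,
        EAP-Sim-RAND2 = 0x11111111111111111111111111111111, EAP-Sim-SRES2 = 0xaabbccdd, EAP-Sim-KC2 = 0x1112131415161718
"""
```

Calling lint_users(SAMPLE) returns an empty problem list for the first identity and, for the second, the short SRES1, the missing third triplet and the repeated RAND.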

