EAP-SIM Module Failed to Load
ken.farrington
ken.farrington at 802.co.uk
Tue Aug 27 11:08:24 CEST 2013
Fantastic and thanks. On it now :)
On 27 August 2013 at 08:54 Iliya Peregoudov <iperegudov at cboss.ru> wrote:
> On 27.08.2013 10:57, ken.farrington wrote:
> > Many thanks indeed. Are you saying I can just take out sim_files from
> > the authorise in the default file and it should work anyway?
> > If so, fantastic :)
>
> My raddb/sites-enabled/default:
>
> authorize {
> preprocess
> auth_log
> chap
> mschap
> suffix
> eap {
> ok = return
> }
> files
> pap
> }
>
> My raddb/users:
>
> 1250016490216808 at wlan.mnc001.mcc250.3gppnetwork.org
> EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
> EAP-Sim-RAND2 = 0x100446e9e8f553a9d87d0444a44b6cf5,
> EAP-Sim-RAND3 = 0x753fdfc2d7e834002557a069462a1fa5,
> EAP-Sim-SRES1 = 0x5dc9a406,
> EAP-Sim-SRES2 = 0x3b3f8ea3,
> EAP-Sim-SRES3 = 0x85bb8aeb,
> EAP-Sim-KC1 = 0x75e85aff085e917b,
> EAP-Sim-KC2 = 0x3055d76de12f1772,
> EAP-Sim-KC3 = 0x81806503efeebec1
>
> 1250016490216808 at wlan.mnc001.mcc250.3gppnetwork.org is a decorated
> permanent identity for IMSI 250016490216808.
>
> (EA-Sim-RAND1, EAP-Sim-SRES1, EAP-Sim-KC1) is an authentication vector
> (aka GSM triplet). rlm_eap_sim requires three GSM triplets to be available.
>
> You can extract IMSI and GSM triplets from the SIM card using smart card
> reader and agsm2 program (http://agsm.sourceforge.net).
>
> Note this will always use same GSM triplets for authentication and
> consequently same master session key (MSK) for encryption. You need to
> integrate with HLR to retrieve truly random GSM triplets. Usually this
> is done by some sort of RADIUS-to-MAP gateway, like Cisco ITP.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ken Farrington
Director
CCIE #12651
802 Limited
International House, 221 Bow Road, London, E3 2SJ, United Kingdom
Direct: +44 (0)7500 802802
ken.farrington at 802.co.uk
http://www.802.co.uk
Disclaimer
This e-mail may contain information that is confidential, privileged or
otherwise protected from disclosure. If you are not an intended recipient of
this e-mail, do not duplicate or redistribute it by any means. Please delete it
and any attachments and notify the sender that you have received it in error.
Any views or opinions presented are solely those of the author and do not
necessarily represent those of 802 Limited or any subsidiary company of 802
Limited. This email may relate to or be sent from other members of the 802
Group. All rights reserved. 802 Limited. Registered in the UK. Company Number.
7962864.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130827/d366ab24/attachment-0001.html>
More information about the Freeradius-Users
mailing list