Is it possible to set asterisk's VoIP authentication to be based on EAP-SIM auth of freeradius?

Iliya Peregoudov iperegudov at cboss.ru
Fri Jun 27 08:08:09 CEST 2014 

There should be support for EAP in both SIP user agent and SIP proxy. 
There is long ago outdated draft 
<http://tools.ietf.org/html/draft-torvinen-http-eap-01> that specify how 
to encapsulate EAP inside WWW-Authentication and Authorization HTTP headers.

Moreover SIP proxy should support forwarding EAP messages between SIP 
protocol and RADIUS protocol.

Moreover SIP user agent should have an access to SIM card. If you talk 
about PC-based SIP user agent (e.g. X-Lite), SIM card should be 
accessible ether via PC/SC API (if SIM card connected to PC through 
smart card reader), or via modem AT command set specified in 3GPP TS 
27.007 (if SIM card connected to GPRS modem that is connected to PC).

All this is definitely off-topic for this mailing list.


On 26.06.2014 21:35, Muhammad Hasan wrote:
> so basically it's still possible to implement eap-sim based voip
> authentication, but the problem is in voip client (like x-lite, etc)
> that does not support for eap-sim?
>
>
> On Wed, Jun 25, 2014 at 8:33 PM, Iliya Peregoudov <iperegudov at cboss.ru
> <mailto:iperegudov at cboss.ru>> wrote:
>
>     It is not quite clear how to transport EAP inside SIP messages. This
>     is not specified in RFCs and I doubt have implemented in any SIP client.
>
>     SIP protocol uses HTTP Digest authentication. SIP proxy can
>     transport HTTP Digest authentication to RADIUS server according to
>     <https://tools.ietf.org/html/__draft-sterman-aaa-sip-01
>     <https://tools.ietf.org/html/draft-sterman-aaa-sip-01>>. FreeRADIUS
>     rlm_digest module supports draft-sterman-aaa-sip-01 authentication
>     method.
>
>
>
>     On 25.06.2014 16 <tel:25.06.2014%2016>:01, Muhammad Hasan wrote:
>
>         Hi all,
>
>         I want to make initial VoIP authentication process from asterisk
>         server
>         to be based on EAP-SIM authentication of Freeradius server (so
>         it will
>         be not necessary to insert account datas in the asterisk
>         database). Is
>         there any way of doing that from Freeradius? Or at least, is
>         there any
>         way to sync the EAP-SIM data on Freeradius to asterisk server?
>
>         thank you
>
>         --
>         Best Regards,
>
>
>
>
>
>         -
>         List info/subscribe/unsubscribe? See
>         http://www.freeradius.org/__list/users.html
>         <http://www.freeradius.org/list/users.html>
>
>
>     -
>     List info/subscribe/unsubscribe? See
>     http://www.freeradius.org/__list/users.html
>     <http://www.freeradius.org/list/users.html>
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list