request for a simple set of instructions for EAP-SIM

Michael Martinez mwtzzz at
Wed Feb 3 03:22:58 CET 2016

Ok, I'm reading the RFC/memo thingy (from 2006) on EAP-SIM. One of the
first thing that catches my eye is the following statement:

The RADIUS server in a productive environment needs for EAP-SIM/AKA
access to the home location register (HLR) of the MNO where the
(U)SIMs are registered.
For testing a file with precreated values for authentication is sufficient.

HLR of the MNO. Does this mean that freeradius needs access to a mobile
network operator's database? How easy/likely is this? does anyone actually
bother to do this in their production environment? It seems there is a hack
for testing purposes only, I'm assuming this means somehow extracting the
relevant information from the device itself and then hardcoding this in to
a config file, which would be impractical if we're managing any more than a
handful of devices.

On Tue, Feb 2, 2016 at 11:59 AM, Alan DeKok <aland at>

> On Feb 2, 2016, at 2:16 PM, Michael Martinez <mwtzzz at> wrote:
> >
> > Where can I find an explanation of this users-example.txt file?  I don't
> > know what I'm looking at. What are these fields, where do they come from,
> > which configuration file is this information supposed to reside in?
>   It's an example of the "users" file.  In v3, that's
> raddb/mods-config/files/authorize
>   The contents are just attributes.  The attributes are magic attributes
> needed by EAP-SIM.  i.e. the SIM triplets.
>   i.e. you'll need to understand the EAP-SIM protocol before being able to
> use the "sim" module.  You can't just set a password, and have the server
> figure it out.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See


More information about the Freeradius-Users mailing list