eap-sim configuration

[Josh toal]

Hi Alan

Thank you very much for your kind suggestion.

After your mail I read on radeapclient to get better idea on that.


For eap-sim authentication, I think that we also need to modify
radiusd.conf, eap.conf, clients.conf and user files.

Can you please suggest changes on that.

I have read wiki on freeradius
http://wiki.freeradius.org/modules/Rlm_eap

this page do talk about some configuration of these files.

Any implementation suggestions or suggested reading will be of great help
to me.

Regards
Josh







On Tue, Dec 5, 2017 at 8:12 AM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Nov 30, 2017, at 1:12 PM, Josh toal <joshtoal17 at gmail.com> wrote:
> > Installed freeradius 3.X and did basic configuration with the access
> point
> > and it works.
> >
> > Now I am trying to do configuration for eap-sim authentication. I have
> the
> > SIM credentials.
> >
> > Can somebody help me in understanding configuration required to implement
> > eap-sim based authentication .
>
>   That's not a simple thing... EAP-SIM is weird and bizarre.  Historically
> it hasn't been well tested in FreeRADIUS.
>
>   The good news is that I've fixed things up in the v3.0.x branch, which
> will soon by 3.0.16.  So you should really use that branch from github.
>
>   You can then add this in raddb/mods-config/files/authorize:
>
> bob     EAP-SIM-Ki := 0xabcdef...
>
>   Replace the hex digits with the actual value of the Ki key.
>
>   And you can run radeapclient with the following input file as "sim.txt"
>
> User-Name := "bob"
> EAP-Code = Response
> EAP-Type-Identity = "bob"
> EAP-SIM-Ki = 0xabcdef...
>
>   With the same Ki, of course.
>
>   Then do:
>
> $ radeapclient -f sim.txt localhost  auth testing123
>
>   and it should work.
>
>   Older versions of radeapclient required the SIM triplets, which meant
> you could only test it once.  That's annoying.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html