[EXTERNAL] Re: Help in Configuring EAP-SIM

Shane Guan shaneguan at microsoft.com
Mon Feb 7 20:26:08 UTC 2022 

Hi Alan,

Thanks for your response!

I tried putting the Ki and OP into the /etc/freeradius/users file as follows
DEFAULT     Suffix == "3gppnetwork.org"
    EAP-Type := SIM,
    EAP-SIM-Ki := 0xd0356b75c19b4a62b1a5423aacc96e42,
    EAP-Sim-Algo-Version := 1

I know that this will apply for any user with a suffix of 3gppnetwork.org but I just wanted to do a sanity check with it.

Unfortunately, this doesn't cause the attributes to be put in the control list, but instead in request->reply->vps. What would be the best way to configure the server to put those attributes in the control list?

Thanks,
Shane
________________________________
From: Freeradius-Users <freeradius-users-bounces+shaneguan=microsoft.com at lists.freeradius.org> on behalf of Alan DeKok <aland at deployingradius.com>
Sent: Friday, February 4, 2022 7:14 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: [EXTERNAL] Re: Help in Configuring EAP-SIM

[You don't often get email from aland at deployingradius.com. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]

On Feb 3, 2022, at 5:28 PM, Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I am writing to inquire about the best way to configure freeradius for eap-sim.
>
>  *   I am using version 3.0.25
>  *   I have a test sim peer and know the Ki, OP, and IMSI for it.

  That's good.

> How would I configure freeradius to use the Ki and OP when it receives a message from the test peer requesting to authenticate with EAP-SIM?

  You just tell the server what they are, and the server does the right thing.

> I tried putting the Ki and OP in the users file but that didn't work.

  What does that mean?

> According to doc/modules/rlm_eap it says I need to write a separate module to generate GSM triplets given the Ki. However, in src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c:eap_sim_get_challenge it looks like there is already a module to generate GSM triplets given the Ki. How could I configure freeradius to call it?

  To be honest... this isn't a commonly used feature.  :(

  From a quick check of the source, you put the EAP-SIM-* attributes into the "control" list, and it *should* just work.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=04%7C01%7Cshaneguan%40microsoft.com%7C73bd55f4ac354c72876e08d9e7f10aaf%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637795844733223927%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L%2BbAiOw9WtcaOVZYBLXJ%2FKV5sTyXVV8nJMQ7viXhey4%3D&reserved=0

More information about the Freeradius-Users mailing list