[EXTERNAL] Help in Configuring EAP-SIM

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Feb 14 23:25:32 UTC 2022



> On Feb 11, 2022, at 7:28 PM, Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Hi everyone,
> 
> Thanks for the quick fix in master. I pulled the newest changes and rebuilt the freeradius binary. I noticed that if I do not explicitly set the SIM-Algo-Version, thus leaving it to the default of 1, then eapol_test client is able to authenticate (*default.log). However, when I do explictely set the SIM-Algo-Version to 1, then eapol_test is unable to authenticate, stating a MAC invalidation (*explicit_set_1.log). Can someone help me understand why this would be the case, when I am merely explicitly setting a variable to its default, instead of leaving it alone? Perhaps I misunderstood what the purpose of SIM-Algo-Version is.

Sim-Algo-Version controls the algorithm FreeRADIUS uses to produce vectors for consumption by the EAP code.

You need the same algorithm in use by FreeRADIUS and by your SIM card so that, given the same random value and Ki, both FreeRADIUS and the SIM produce the same AUTN, CK, IK and XRES values.

You likely have a usim in which case it'll probably be using milenage, so you'll want algo 4. 1, 2, 3 refer to the Comp128v1/v2/v3 algorithms.

Normally in a proper HLR this information would be recorded against the IMSI of the SIM.

-Arran

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20220214/ea12a774/attachment.sig>


More information about the Freeradius-Users mailing list