[EXTERNAL] Help in Configuring EAP-SIM
Shane Guan
shaneguan at microsoft.com
Tue Feb 15 19:12:35 UTC 2022
Hi Arran,
Thanks for your response. For the purposes of testing, we have a sim client that will be using Comp128 versions 1 through 3, and we will want to test EAP-SIM with each of those algorithms. Regarding my original question, is there a misunderstanding on my part for how to set the SIM-Algo-Version on Freeradius? It appears that explicitly setting it vs not makes a difference.
Thanks,
Shane
________________________________
From: Arran Cudbard-Bell
Sent: Monday, February 14, 2022 3:25 PM
To: FreeRadius users mailing list
Cc: Shane Guan; Davut Karabay; Corbin Phipps; Paul Irwin
Subject: Re: [EXTERNAL] Help in Configuring EAP-SIM
> On Feb 11, 2022, at 7:28 PM, Shane Guan via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Hi everyone,
>
> Thanks for the quick fix in master. I pulled the newest changes and rebuilt the freeradius binary. I noticed that if I do not explicitly set the SIM-Algo-Version, thus leaving it to the default of 1, then eapol_test client is able to authenticate (*default.log). However, when I do explictely set the SIM-Algo-Version to 1, then eapol_test is unable to authenticate, stating a MAC invalidation (*explicit_set_1.log). Can someone help me understand why this would be the case, when I am merely explicitly setting a variable to its default, instead of leaving it alone? Perhaps I misunderstood what the purpose of SIM-Algo-Version is.
Sim-Algo-Version controls the algorithm FreeRADIUS uses to produce vectors for consumption by the EAP code.
You need the same algorithm in use by FreeRADIUS and by your SIM card so that, given the same random value and Ki, both FreeRADIUS and the SIM produce the same AUTN, CK, IK and XRES values.
You likely have a usim in which case it'll probably be using milenage, so you'll want algo 4. 1, 2, 3 refer to the Comp128v1/v2/v3 algorithms.
Normally in a proper HLR this information would be recorded against the IMSI of the SIM.
-Arran
More information about the Freeradius-Users
mailing list