[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: [EXTERNAL] Re: Help in Configuring EAP-SIM
From: Shane Guan via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date: 2022-02-07 20:26:08
Message-ID: CH2PR21MB152821F9C8099B39B42A0E5CAD2C9 () CH2PR21MB1528 ! namprd21 ! prod ! outlook ! com
[Download RAW message or body]
Hi Alan,
Thanks for your response!
I tried putting the Ki and OP into the /etc/freeradius/users file as follows
DEFAULT Suffix == "3gppnetwork.org"
EAP-Type := SIM,
EAP-SIM-Ki := 0xd0356b75c19b4a62b1a5423aacc96e42,
EAP-Sim-Algo-Version := 1
I know that this will apply for any user with a suffix of 3gppnetwork.org but I just \
wanted to do a sanity check with it.
Unfortunately, this doesn't cause the attributes to be put in the control list, but \
instead in request->reply->vps. What would be the best way to configure the server to \
put those attributes in the control list?
Thanks,
Shane
________________________________
From: Freeradius-Users \
<freeradius-users-bounces+shaneguan=microsoft.com@lists.freeradius.org> on behalf of \
Alan DeKok <aland@deployingradius.com>
Sent: Friday, February 4, 2022 7:14 AM
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Subject: [EXTERNAL] Re: Help in Configuring EAP-SIM
[You don't often get email from aland@deployingradius.com. Learn why this is \
important at http://aka.ms/LearnAboutSenderIdentification.]
On Feb 3, 2022, at 5:28 PM, Shane Guan via Freeradius-Users \
<freeradius-users@lists.freeradius.org> wrote:
> I am writing to inquire about the best way to configure freeradius for eap-sim.
>
> * I am using version 3.0.25
> * I have a test sim peer and know the Ki, OP, and IMSI for it.
That's good.
> How would I configure freeradius to use the Ki and OP when it receives a message \
> from the test peer requesting to authenticate with EAP-SIM?
You just tell the server what they are, and the server does the right thing.
> I tried putting the Ki and OP in the users file but that didn't work.
What does that mean?
> According to doc/modules/rlm_eap it says I need to write a separate module to \
> generate GSM triplets given the Ki. However, in \
> src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c:eap_sim_get_challenge it looks \
> like there is already a module to generate GSM triplets given the Ki. How could I \
> configure freeradius to call it?
To be honest... this isn't a commonly used feature. :(
From a quick check of the source, you put the EAP-SIM-* attributes into the \
"control" list, and it *should* just work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See \
https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2F \
list%2Fusers.html&data=04%7C01%7Cshaneguan%40microsoft.com%7C73bd55f4ac354c72876e0 \
8d9e7f10aaf%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637795844733223927%7CUnknown% \
7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L%2BbAiOw9WtcaOVZYBLXJ%2FKV5sTyXVV8nJMQ7viXhey4%3D&reserved=0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic