Hi Alex, I don't use eap-sim and am not a developer, so cannot really comment on the implementation aspect. I also didn't suggest that this is the only way that eap-sim may work - BUT, looking at the documentation this is the way that it seems to work.
An HLR is designed for this task and it may be easier for freeradius to request triplets (RAND, SRES, Kc) from the HLR rather than coding the algorithm into freeradius....you will really need to discuss this with the eap-sim developers for their input. The other problem that you may have is that the Ki value is a closely guarded secret. If you don't have access to the Ki value, then you cannot produce the triplet regardless of what software you have available for freeradius. In this instance, you need to send requests to the HLR for the triplet to be generated. If you do have the Ki, then there may be some code on the web which can produce the triplets for you to populate into the database for future use. If you can find such code, then you can then try and either implement this into freeradius (if licenses permit) so that the triplets are re-generated after use, or, you could have the database automatically updated at regular intervals with new triplet values externally from freeradius. Hope this helps, Mark >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf >Of Alex Wang >Sent: 27 April 2004 04:13 >To: freeradius mailling-list >Subject: Re: how to set the ki in eap-sim server? > > >Thanks, Mark~ I understand what you say, and I will give it a try. >But I still wonder what you say is the only way to apply eap-sim? >Can't radius server be the eap-sim authentication server? >I mean, in real case, freeradius can authenticate the users >via pap, chap, >eap-md5, and etc alone, >and does it can also provide the eap-sim authentication >service by itself? > >Thanks for any suggestion~ > >alex > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
