On 27.08.2013 10:57, ken.farrington wrote:
Many thanks indeed.  Are you saying I can just take out sim_files from
the authorise in the default file and it should work anyway?
If so, fantastic :)

My raddb/sites-enabled/default:

authorize {
  preprocess
  auth_log
  chap
  mschap
  suffix
  eap {
    ok = return
  }
  files
  pap
}

My raddb/users:

1250016490216...@wlan.mnc001.mcc250.3gppnetwork.org
        EAP-Sim-RAND1 = 0x09844aff4ccf66cdb95e59dba8ec291c,
        EAP-Sim-RAND2 = 0x100446e9e8f553a9d87d0444a44b6cf5,
        EAP-Sim-RAND3 = 0x753fdfc2d7e834002557a069462a1fa5,
        EAP-Sim-SRES1 = 0x5dc9a406,
        EAP-Sim-SRES2 = 0x3b3f8ea3,
        EAP-Sim-SRES3 = 0x85bb8aeb,
        EAP-Sim-KC1 = 0x75e85aff085e917b,
        EAP-Sim-KC2 = 0x3055d76de12f1772,
        EAP-Sim-KC3 = 0x81806503efeebec1

1250016490216...@wlan.mnc001.mcc250.3gppnetwork.org is a decorated permanent identity for IMSI 250016490216808.

(EAP-Sim-RAND1, EAP-Sim-SRES1, EAP-Sim-KC1) is an authentication vector (aka GSM triplet). rlm_eap_sim requires three GSM triplets to be available.

You can extract the IMSI and GSM triplets from the SIM card using a smart card reader and the agsm2 program (http://agsm.sourceforge.net).

Note this will always use the same GSM triplets for authentication and consequently the same master session key (MSK) for encryption. You need to integrate with an HLR to retrieve truly random GSM triplets. Usually this is done by some sort of RADIUS-to-MAP gateway, like Cisco ITP.
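
An added example, not part of the original post and not FreeRADIUS code: a Python check that a users-file entry like the one above carries three complete GSM triplets (RAND 128 bits, SRES 32 bits, Kc 64 bits), plus a helper that builds the decorated permanent identity from an IMSI. The function names, the two-digit MNC default, the distinct-RAND sanity check and the sample values are assumptions made for this example.

```python
import re

# Hex digits per attribute: GSM RAND is 128 bits, SRES 32 bits, Kc 64 bits.
HEX_LEN = {"RAND": 32, "SRES": 8, "KC": 16}
ATTR_RE = re.compile(r"EAP-Sim-(RAND|SRES|KC)([1-3])\s*=\s*0x([0-9a-fA-F]*)")

def decorated_identity(imsi, mnc_digits=2):
    """'1' + IMSI + 3GPP WLAN realm. mnc_digits is an assumption: the
    IMSI alone does not say whether the MNC has two or three digits."""
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_digits]
    return "1%s@wlan.mnc%s.mcc%s.3gppnetwork.org" % (imsi, mnc.zfill(3), mcc)

def check_entry(entry):
    """Return a list of problems in one users-file entry; empty means OK."""
    found, problems = {}, []
    for kind, idx, value in ATTR_RE.findall(entry):
        name = "EAP-Sim-%s%s" % (kind, idx)
        found[name] = value.lower()
        if len(value) != HEX_LEN[kind]:
            problems.append("%s: expected %d hex digits, got %d"
                            % (name, HEX_LEN[kind], len(value)))
    for kind in ("RAND", "SRES", "KC"):
        for idx in "123":
            name = "EAP-Sim-%s%s" % (kind, idx)
            if name not in found:
                problems.append("%s: missing" % name)
    # Sanity check added by this example: the three challenges should differ.
    rands = [v for n, v in found.items() if n.startswith("EAP-Sim-RAND")]
    if len(set(rands)) != len(rands):
        problems.append("RAND values are not distinct")
    return problems

# Constructed sample entries (not real SIM data).
GOOD = """user
    EAP-Sim-RAND1 = 0x000102030405060708090a0b0c0d0e0f,
    EAP-Sim-RAND2 = 0x101112131415161718191a1b1c1d1e1f,
    EAP-Sim-RAND3 = 0x202122232425262728292a2b2c2d2e2f,
    EAP-Sim-SRES1 = 0xa0a1a2a3, EAP-Sim-SRES2 = 0xb0b1b2b3,
    EAP-Sim-SRES3 = 0xc0c1c2c3, EAP-Sim-KC1 = 0xd0d1d2d3d4d5d6d7,
    EAP-Sim-KC2 = 0xe0e1e2e3e4e5e6e7, EAP-Sim-KC3 = 0xf0f1f2f3f4f5f6f7
"""
# Same entry with RAND2 copied from RAND1, a short SRES1 and no KC3.
BAD = (GOOD.replace("101112131415161718191a1b1c1d1e1f",
                    "000102030405060708090a0b0c0d0e0f")
           .replace("0xa0a1a2a3", "0xa0a1a2")
           .replace(", EAP-Sim-KC3 = 0xf0f1f2f3f4f5f6f7", ""))

if __name__ == "__main__":
    print(decorated_identity("250016490216808"))  # IMSI quoted in the post
    print(check_entry(GOOD), check_entry(BAD))
```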