[RADIATOR] EAP-SIM Authentication
Heikki Vatiainen
hvn at open.com.au
Wed Aug 24 03:12:16 CDT 2011
On 08/23/2011 05:26 AM, M P wrote:
Hello Marvin,
> I checked again the Radiator logs and searched the attributes within the Access-Request for the keyword "3gppnetwork.org", it looks like it comes from the EAP-Message attribute. If I searched the IMSI of the iPhone4 used to authenticate via EAP-SIM simulator, the IMSI will only appear on the third Access-Request as part of the long range format then the Radiator will send an Access-Request to the simulator with the actual value of the IMSI on the GSM-IMSI attribute. If I just want to get the actual IMSI from the user device's Access-Request so that I can send it to the external HLR via an API of the MAP gateway for verification, what do you think is the best way to do this? Please advice. Thank you in advance.
Hmm, what does the User-Name attribute look like. Isn't IMSI part of the
username part?
If not, you could take a look at the goodies/ examples in the SIM pack.
The example configurations show there's AuthorisedHook which might be
useful:
# AuthorisedHook is called when the SIM request is completely
# authorised, and before the Access-Accept is returned.
One of the parameters is a pointer to EAP context Radiator keeps and the
IMSI should be available from the context information.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list