[RADIATOR] EAP-SIM Authentication

M P antmtp at hotmail.com
Wed Aug 24 11:19:31 CDT 2011


Hello Heikki,
As a follow-up to my previous e-mail, I found out that the IMSI information sometimes appear on the User-Name attribute (with an additional prefix of 1) and sometimes as part of the long value of the EAP-Message attribute. It's not consistent though. But lately I noticed that the User-Name attribute now contains TMSI instead of IMSI and even the EAP-Message attribute, it's the TMSI that is present instead of IMSI.
- - - < s n i p > - - -# grep -i 525053102410897 * | grep -v -i query | grep -v -i GSM-IMSI | grep -v -i DEBUGradiator-20110614.log:  User-Name = "1525053102410897"radiator-20110614.log:  EAP-Message = <2><0><0>8<1>1525053102410897 at wlan.mnc005.mcc525.3gppnetwork.orgradiator-20110614.log:  User-Name = "1525053102410897"radiator-20110614.log:  User-Name = "1525053102410897"radiator-20110623.log:  EAP-Message = <2><2><0>X<18><10><0><0><14><14><0>31525053102410897 at wlan.mnc005.mcc525.3gppnetwork.orgg<16><1><0><1><7><5><0><0>5k<129><138>u<152><132><213><20><146>Y<169><245>Y<238><196>radiator-20110714.log:  EAP-Message = <2><2><0>X<18><10><0><0><14><14><0>31525053102410897 at wlan.mnc005.mcc525.3gppnetwork.orgg<16><1><0><1><7><5><0><0><241><169><204><25>2<190><157>u<189>]@<160>>A<130>j- - - < s n i p > - - -
Is there any configuration that I can do in Radiator in order for me to see the actual IMSI value consistently in one of the RADIUS attribute from every Access-Request?

From: antmtp at hotmail.com
To: hvn at open.com.au
Date: Wed, 24 Aug 2011 23:30:00 +0800
CC: radiator at open.com.au
Subject: Re: [RADIATOR] EAP-SIM Authentication








Hello Heikki,
> Date: Wed, 24 Aug 2011 11:12:16 +0300
> From: hvn at open.com.au
> To: antmtp at hotmail.com
> CC: radiator at open.com.au
> Subject: Re: [RADIATOR] EAP-SIM Authentication
> 
> Hmm, what does the User-Name attribute look like. Isn't IMSI part of the
> username part?

Below is a snippet from the first Access-Request:
    User-Name = "3d860eab069282e65"    EAP-Message = <2><0><0>9<1>3d860eab069282e65 at wlan.mnc005.mcc525.3gppnetwork.org
The username contains the TMSI. In which RADIUS attribute I can exactly find the IMSI?
> If not, you could take a look at the goodies/ examples in the SIM pack.
> The example co
 nfigurations show there's AuthorisedHook which might be
> useful:
> 
> # AuthorisedHook is called when the SIM request is completely
> # authorised, and before the Access-Accept is returned.
> 
> One of the parameters is a pointer to EAP context Radiator keeps and the
> IMSI should be available from the context information.

Are you saying that I only have to uncomment the below line from the configuration?
    AuthorisedHook sub {print "here in AuthorisedHook @_\n";}
Moving forward on the EAP-SIM authentication, if I am going to try authenticating via the API of the MAP gateway, I shoul
 d only be using the "AuthBy EXTERNAL" and execute a script whenever there is an Access-Request and I don't need the configurations of the "AuthBy SIMOPERATOR" anymore, right?
Please advice. Thank you once again. 		 	   		  

_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110825/11ea3f5d/attachment-0001.html 


More information about the radiator mailing list