[RADIATOR] EAP-SIM Authentication

M P antmtp at hotmail.com
Thu Aug 25 22:38:14 CDT 2011


Hello Heikki,
> Date: Thu, 25 Aug 2011 12:10:09 +0300
> From: hvn at open.com.au
> To: antmtp at hotmail.com
> CC: radiator at open.com.au
> Subject: Re: [RADIATOR] EAP-SIM Authentication
> 
> Yes, this is allowed according to the EAP-SIM RFC. You are seeing the
> IMSI in the initial request, but subsequent requests use TMSI to hide
> the real identity. To keep track of the IMSI, you would need to follow
> the EAP session and subsequent reauthentication using the context
> Radiator creates for EAP authentication. In other words, this means
> digging into Radiator more instead of being able to handle the requests
> simply packet by packet.

I actually do not see the IMSI in the initial Access-Request.

> eap_simoperator.cfg has an example of how to control TMSI generation.
> Please see the example and try "UseTMSI 0" to turn it off. There's also
> "UseReauthentication" just below you could try to turn off.

I have set the two (2) parameters you mentioned above to 0, but I am still seeing the TMSI instead of the IMSI, which has the value of 525110101128573. I have attached the Radiator log file for your reference.

> Note that identity hiding is generally considered a good feature so
> turning off TMSI and reauthentication may not be a good idea outside of
> lab environment.

I understand.

> Also you would need to expand the hook with real code that uses the
> parameters Radiator passes to it. The parameters should give you access
> to e.g. EAP context that contains IMSI.

Noted.

> You might also see if expanding AuthSIMOPERATOR.pm would be useful. As
> the README and the comments in the .pm file say, it can and should be
> expanded as needed. Depending on your environment EXTERNAL might be an
> answer too. SIMOPERATOR will probably be useful as a reference since it
> is meant as the first component in Radiator that processes the incoming
> EAP-SIM requests from NASes.

Noted.
Thank you very much once again.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radiator.log
Url: http://www.open.com.au/pipermail/radiator/attachments/20110826/eda31a36/attachment.pl 
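
The session tracking described in the quoted reply, sketched as an added example that is not part of the original thread and is not Radiator code: the server remembers which IMSI each temporary identity was issued for, so a later request that carries only the temporary identity can still be attributed to a subscriber. The class and method names, the "t" prefix format for temporary identities, the realm and the IMSI value are all assumptions constructed for illustration.

```python
import secrets


class IdentityTracker:
    """Maps server-issued temporary identities back to the IMSI they belong to."""

    def __init__(self):
        self._by_temp = {}  # temporary username -> IMSI

    def issue_temporary(self, imsi):
        # Assumed format: a random token with a non-digit prefix, so it can
        # never be mistaken for a "1" + IMSI permanent username.
        temp = "t" + secrets.token_hex(8)
        self._by_temp[temp] = imsi
        return temp

    def resolve(self, identity):
        """Return (kind, imsi); imsi is None when the identity is not known."""
        user = identity.split("@", 1)[0]  # match on the username, not the realm
        digits = user[1:]
        # RFC 4186: the EAP-SIM permanent username is "1" followed by the IMSI
        # (an IMSI has at most 15 digits).
        if (user[:1] == "1" and digits.isascii() and digits.isdigit()
                and 6 <= len(digits) <= 15):
            return ("permanent", digits)
        imsi = self._by_temp.get(user)
        if imsi is not None:
            return ("temporary", imsi)
        # Unknown temporary identity: the subscriber cannot be named from this
        # packet alone, so the server has to request the permanent identity.
        return ("unknown", None)


def demo():
    tracker = IdentityTracker()
    imsi = "001010123456789"   # constructed test IMSI (MCC 001, MNC 01)
    realm = "@example.org"     # constructed realm
    first = tracker.resolve("1" + imsi + realm)     # full authentication
    temp = tracker.issue_temporary(imsi)            # handed out after success
    later = tracker.resolve(temp + realm)           # identity-hidden request
    stale = tracker.resolve("t-not-issued" + realm)  # never issued by us
    return first, later, stale


if __name__ == "__main__":
    for kind, imsi in demo():
        print(kind, imsi)
```
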