List Info

Thread: wpa supplicant EAP-SIM configuration
wpa supplicant EAP-SIM configuration
user name
 2006-09-15 13:05:15 
Hello,

I want to connect to an access point with EAP-SIM
authentication. In the 
default wpa_supplicant.conf, there is an example :

# EAP-SIM with a GSM SIM or USIM
network={
    ssid="eap-sim-test"
    key_mgmt=WPA-EAP
    eap=SIM
    pin="1234"
    pcsc=""
}

EAP usually requires an identity, but there is no
"identity" field. Have 
I to set the identity ? Which value (sim card number) ?
Why does wpa supplicant need the pin code ? Does he get some
information 
in the card ?
I configure also the AP side, with hostap and freeradius, so
I can 
change some settings (but server configuration is hard to
understand to).

Best regards,

Vincent
_______________________________________________
HostAP mailing list
HostAPshmoo.com
http:/
/lists.shmoo.com/mailman/listinfo/hostap
wpa supplicant EAP-SIM configuration
user name
 2006-09-15 15:44:48 
On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent Maurin
wrote:

> I want to connect to an access point with EAP-SIM
authentication. In the 
> default wpa_supplicant.conf, there is an example :
> 
> # EAP-SIM with a GSM SIM or USIM
> network={
>     ssid="eap-sim-test"
>     key_mgmt=WPA-EAP
>     eap=SIM
>     pin="1234"
>     pcsc=""
> }
> 
> EAP usually requires an identity, but there is no
"identity" field. Have 
> I to set the identity ? Which value (sim card number) ?

EAP-SIM is most commonly used with automatically generated
identity from
the IMSI ('1' | IMSI). This will be used if identity is
not set in the
configuration file.

> Why does wpa supplicant need the pin code ? Does he get
some information 
> in the card ?

Yes, it reads the IMSI (which may or may not require PIN)
and uses SIM
to generate response to the GSM authentication (which will
likely
require PIN).

> I configure also the AP side, with hostap and
freeradius, so I can 
> change some settings (but server configuration is hard
to understand to).

To use EAP-SIM properly, you would need to have GSM
authentication
network in place (i.e., an HLR for generating authentication
triplets)..
Use of local list of pre-generated triplets with hostapd or
FreeRADIUS
as the authentication server could be used in tests, but
that is not
really a good option for more than test use.

-- 
Jouni Malinen                                            PGP
id EFC895FA
_______________________________________________
HostAP mailing list
HostAPshmoo.com
http:/
/lists.shmoo.com/mailman/listinfo/hostap
wpa supplicant EAP-SIM configuration
user name
 2006-09-18 14:05:03 
Tanks for all these precisions.

I have tested on a Dell Laptop with a GPRS/Wireless PCMCIA
card (Sony 
Ericsson GC79).
A smartcard reader is detected "Broadcom WWS",
but the init method fails 
to read MF. The select command return an unexpected
response, 0x67. 
According to the GSM11.11, it means "technical problem
with no 
diagnostic given" ...
Any idea about this ? Maybe this hardware is not supported ?
I have tried without pcsc, but an identity is needed (I set
'1') and it 
failed in GSM authentication ("GSM SIM authentication
could not be 
completed")


Jouni Malinen a écrit :
> On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent
Maurin wrote:
>
>   
>> I want to connect to an access point with EAP-SIM
authentication. In the 
>> default wpa_supplicant.conf, there is an example :
>>
>> # EAP-SIM with a GSM SIM or USIM
>> network={
>>     ssid="eap-sim-test"
>>     key_mgmt=WPA-EAP
>>     eap=SIM
>>     pin="1234"
>>     pcsc=""
>> }
>>
>> EAP usually requires an identity, but there is no
"identity" field. Have 
>> I to set the identity ? Which value (sim card
number) ?
>>     
>
> EAP-SIM is most commonly used with automatically
generated identity from
> the IMSI ('1' | IMSI). This will be used if identity
is not set in the
> configuration file.
>
>   
>> Why does wpa supplicant need the pin code ? Does he
get some information 
>> in the card ?
>>     
>
> Yes, it reads the IMSI (which may or may not require
PIN) and uses SIM
> to generate response to the GSM authentication (which
will likely
> require PIN).
>
>   
>> I configure also the AP side, with hostap and
freeradius, so I can 
>> change some settings (but server configuration is
hard to understand to).
>>     
>
> To use EAP-SIM properly, you would need to have GSM
authentication
> network in place (i.e., an HLR for generating
authentication triplets)..
> Use of local list of pre-generated triplets with
hostapd or FreeRADIUS
> as the authentication server could be used in tests,
but that is not
> really a good option for more than test use.
>
>   

_______________________________________________
HostAP mailing list
HostAPshmoo.com
http:/
/lists.shmoo.com/mailman/listinfo/hostap
wpa supplicant EAP-SIM configuration
user name
 2006-09-20 12:45:13 
It was not 0x67 but 0x6F.
I have tested with a more recent PCMCIA card, and it works,
so it's a 
hardware problem ...
> Tanks for all these precisions.
>
> I have tested on a Dell Laptop with a GPRS/Wireless
PCMCIA card (Sony 
> Ericsson GC79).
> A smartcard reader is detected "Broadcom
WWS", but the init method fails 
> to read MF. The select command return an unexpected
response, 0x67. 
> According to the GSM11.11, it means "technical
problem with no 
> diagnostic given" ...
> Any idea about this ? Maybe this hardware is not
supported ?
> I have tried without pcsc, but an identity is needed (I
set '1') and it 
> failed in GSM authentication ("GSM SIM
authentication could not be 
> completed")
>
>
> Jouni Malinen a écrit :
>   
>> On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent
Maurin wrote:
>>
>>   
>>     
>>> I want to connect to an access point with
EAP-SIM authentication. In the 
>>> default wpa_supplicant.conf, there is an
example :
>>>
>>> # EAP-SIM with a GSM SIM or USIM
>>> network={
>>>     ssid="eap-sim-test"
>>>     key_mgmt=WPA-EAP
>>>     eap=SIM
>>>     pin="1234"
>>>     pcsc=""
>>> }
>>>
>>> EAP usually requires an identity, but there is
no "identity" field. Have 
>>> I to set the identity ? Which value (sim card
number) ?
>>>     
>>>       
>> EAP-SIM is most commonly used with automatically
generated identity from
>> the IMSI ('1' | IMSI). This will be used if
identity is not set in the
>> configuration file.
>>
>>   
>>     
>>> Why does wpa supplicant need the pin code ?
Does he get some information 
>>> in the card ?
>>>     
>>>       
>> Yes, it reads the IMSI (which may or may not
require PIN) and uses SIM
>> to generate response to the GSM authentication
(which will likely
>> require PIN).
>>
>>   
>>     
>>> I configure also the AP side, with hostap and
freeradius, so I can 
>>> change some settings (but server configuration
is hard to understand to).
>>>     
>>>       
>> To use EAP-SIM properly, you would need to have GSM
authentication
>> network in place (i.e., an HLR for generating
authentication triplets)..
>> Use of local list of pre-generated triplets with
hostapd or FreeRADIUS
>> as the authentication server could be used in
tests, but that is not
>> really a good option for more than test use.
>>
>>   
>>     
>
> _______________________________________________
> HostAP mailing list
> HostAPshmoo.com
> http:/
/lists.shmoo.com/mailman/listinfo/hostap
>
>   

_______________________________________________
HostAP mailing list
HostAPshmoo.com
http:/
/lists.shmoo.com/mailman/listinfo/hostap
[1-4]

about | contact  Other archives ( Real Estate discussion Medical topics )