wpa supplicant EAP-SIM configuration
Vincent Maurin
vincent.maurin
Wed Sep 20 05:45:13 PDT 2006
It was not 0x67 but 0x6F.
I have tested with a more recent PCMCIA card, and it works, so it's a
hardware problem ...
> Tanks for all these precisions.
>
> I have tested on a Dell Laptop with a GPRS/Wireless PCMCIA card (Sony
> Ericsson GC79).
> A smartcard reader is detected "Broadcom WWS", but the init method fails
> to read MF. The select command return an unexpected response, 0x67.
> According to the GSM11.11, it means "technical problem with no
> diagnostic given" ...
> Any idea about this ? Maybe this hardware is not supported ?
> I have tried without pcsc, but an identity is needed (I set '1') and it
> failed in GSM authentication ("GSM SIM authentication could not be
> completed")
>
>
> Jouni Malinen a ?crit :
>
>> On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent Maurin wrote:
>>
>>
>>
>>> I want to connect to an access point with EAP-SIM authentication. In the
>>> default wpa_supplicant.conf, there is an example :
>>>
>>> # EAP-SIM with a GSM SIM or USIM
>>> network={
>>> ssid="eap-sim-test"
>>> key_mgmt=WPA-EAP
>>> eap=SIM
>>> pin="1234"
>>> pcsc=""
>>> }
>>>
>>> EAP usually requires an identity, but there is no "identity" field. Have
>>> I to set the identity ? Which value (sim card number) ?
>>>
>>>
>> EAP-SIM is most commonly used with automatically generated identity from
>> the IMSI ('1' | IMSI). This will be used if identity is not set in the
>> configuration file.
>>
>>
>>
>>> Why does wpa supplicant need the pin code ? Does he get some information
>>> in the card ?
>>>
>>>
>> Yes, it reads the IMSI (which may or may not require PIN) and uses SIM
>> to generate response to the GSM authentication (which will likely
>> require PIN).
>>
>>
>>
>>> I configure also the AP side, with hostap and freeradius, so I can
>>> change some settings (but server configuration is hard to understand to).
>>>
>>>
>> To use EAP-SIM properly, you would need to have GSM authentication
>> network in place (i.e., an HLR for generating authentication triplets)..
>> Use of local list of pre-generated triplets with hostapd or FreeRADIUS
>> as the authentication server could be used in tests, but that is not
>> really a good option for more than test use.
>>
>>
>>
>
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
>
More information about the Hostap
mailing list