Question on EAP-AKA and REALM

Sergey Ryazanov ryazanov.s.a
Tue Dec 10 11:55:10 PST 2013


2013/12/10 Ben Greear <greearb at candelatech.com>:
> I'm trying to get supplicant & hostapd to work with an upstream
> RADIUS server for EAP-AKA testing. I have enabled USIM_SIM
> and configured the password and identity as suggested here:
>
> http://comments.gmane.org/gmane.linux.drivers.hostap/24684
>
> I think it is mostly working, but the RADIUS server would like
> something like 'IMSI at realm' instead of just IMSI for the RADIUS user-name
> field.
>
This realm demand depended on RADIUS server configuration. EAP-AKA
RFC4187 recommend (section 4.1.1.5) that realm should be generated
according to 3GPP TS 23.003.

> Any suggestions on how to go about doing this? Is it something I should
> configure
> in supplicant, or hostapd?
>
Supplicant already contain necessary handler, which generate full
identity from IMSI (eap_sm_imsi_identity() function in
src/eap_peer/eap.c). But seems that this routine is never called when
you use SIM simulator. Try to configure realm manually.

For example instead of:

network={
...
identity="0232010000000000"
...
}

configure identity in following way:

network={
...
identity="0232010000000000 at wlan.mnc001.mcc232.3gppnetwork.org"
...
}

Be careful, MNC in Europe contain 2 digits and you should put leading
zero before it, but in North America MNC contain 3 digits.

-- 
BR,
Sergey



More information about the Hostap mailing list