wpa supplicant EAP-SIM configuration

Vincent Maurin vincent.maurin
Mon Sep 18 07:05:03 PDT 2006


Thanks for all these precisions.

I have tested on a Dell Laptop with a GPRS/Wireless PCMCIA card (Sony 
Ericsson GC79).
A smartcard reader is detected "Broadcom WWS", but the init method fails 
to read MF. The select command returns an unexpected response, 0x67. 
According to the GSM11.11, it means "technical problem with no 
diagnostic given" ...
Any idea about this? Maybe this hardware is not supported?
I have tried without pcsc, but an identity is needed (I set '1') and it 
failed in GSM authentication ("GSM SIM authentication could not be 
completed").


Jouni Malinen wrote:
> On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent Maurin wrote:
>
>   
>> I want to connect to an access point with EAP-SIM authentication. In the 
>> default wpa_supplicant.conf, there is an example :
>>
>> # EAP-SIM with a GSM SIM or USIM
>> network={
>>     ssid="eap-sim-test"
>>     key_mgmt=WPA-EAP
>>     eap=SIM
>>     pin="1234"
>>     pcsc=""
>> }
>>
>> EAP usually requires an identity, but there is no "identity" field. Do 
>> I have to set the identity? Which value (SIM card number)?
>>     
>
> EAP-SIM is most commonly used with automatically generated identity from
> the IMSI ('1' | IMSI). This will be used if identity is not set in the
> configuration file.
>
>   
>> Why does wpa supplicant need the PIN code? Does it get some information 
>> from the card?
>>     
>
> Yes, it reads the IMSI (which may or may not require PIN) and uses SIM
> to generate response to the GSM authentication (which will likely
> require PIN).
>
>   
>> I also configure the AP side, with hostap and freeradius, so I can 
>> change some settings (but server configuration is hard to understand too).
>>     
>
> To use EAP-SIM properly, you would need to have GSM authentication
> network in place (i.e., an HLR for generating authentication triplets).
> Use of local list of pre-generated triplets with hostapd or FreeRADIUS
> as the authentication server could be used in tests, but that is not
> really a good option for more than test use.
>
>   
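
The quoted reply says the identity defaults to '1' | IMSI, with the IMSI read from the card. As an added illustration (not code from this thread or from wpa_supplicant), the C sketch below decodes an EF_IMSI record as laid out in GSM 11.11 and builds that identity; the function names are hypothetical and the sample bytes are constructed for the test IMSI 001010123456789 rather than read over PC/SC.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: EF_IMSI bytes for the test IMSI 001010123456789. */
static const unsigned char SAMPLE_EF_IMSI[9] =
    { 0x08, 0x09, 0x10, 0x10, 0x10, 0x32, 0x54, 0x76, 0x98 };

/* Decode an EF_IMSI record into ASCII digits. ef[0] is the number of BCD
 * bytes that follow. The low nibble of ef[1] holds type/parity bits and its
 * high nibble the first digit; each later byte holds two digits, low nibble
 * first; 0xF is filler. Returns the digit count, or -1 on malformed input. */
int imsi_from_ef(const unsigned char *ef, size_t ef_len, char *out, size_t out_len)
{
    size_t n = 0, i;
    int k, end = 0;
    if (out_len < 1 || ef_len < 2 || ef[0] < 1 || ef[0] > 8 ||
        (size_t)ef[0] + 1 > ef_len)
        return -1;
    for (i = 1; i <= (size_t)ef[0] && !end; i++) {
        unsigned char nib[2] = { (unsigned char)(ef[i] & 0x0f),
                                 (unsigned char)(ef[i] >> 4) };
        for (k = (i == 1) ? 1 : 0; k < 2; k++) {
            if (nib[k] == 0x0f) { end = 1; break; }  /* filler: IMSI ends */
            if (nib[k] > 9 || n + 1 >= out_len)
                return -1;                           /* not BCD / no room */
            out[n++] = (char)('0' + nib[k]);
        }
    }
    out[n] = '\0';
    return n > 0 ? (int)n : -1;
}

/* Hypothetical helper: default EAP-SIM identity, '1' followed by the IMSI.
 * Returns the identity length, or -1 if the record cannot be decoded. */
int eap_sim_identity(const unsigned char *ef, size_t ef_len, char *id, size_t id_len)
{
    int n;
    if (id_len < 2) return -1;
    id[0] = '1';
    n = imsi_from_ef(ef, ef_len, id + 1, id_len - 1);
    return n < 0 ? -1 : n + 1;
}

int main(void)
{
    char id[17];
    if (eap_sim_identity(SAMPLE_EF_IMSI, sizeof(SAMPLE_EF_IMSI), id, sizeof(id)) > 0)
        printf("identity=%s\n", id);
    return 0;
}
```

A record whose length byte or nibbles are out of range is rejected rather than turned into a partial identity.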




