wpa supplicant EAP-SIM configuration

Vincent Maurin vincent.maurin
Wed Sep 20 05:45:13 PDT 2006 

It was not 0x67 but 0x6F.
I have tested with a more recent PCMCIA card, and it works, so it's a 
hardware problem ...
> Tanks for all these precisions.
>
> I have tested on a Dell Laptop with a GPRS/Wireless PCMCIA card (Sony 
> Ericsson GC79).
> A smartcard reader is detected "Broadcom WWS", but the init method fails 
> to read MF. The select command return an unexpected response, 0x67. 
> According to the GSM11.11, it means "technical problem with no 
> diagnostic given" ...
> Any idea about this ? Maybe this hardware is not supported ?
> I have tried without pcsc, but an identity is needed (I set '1') and it 
> failed in GSM authentication ("GSM SIM authentication could not be 
> completed")
>
>
> Jouni Malinen a ?crit :
>   
>> On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent Maurin wrote:
>>
>>   
>>     
>>> I want to connect to an access point with EAP-SIM authentication. In the 
>>> default wpa_supplicant.conf, there is an example :
>>>
>>> # EAP-SIM with a GSM SIM or USIM
>>> network={
>>>     ssid="eap-sim-test"
>>>     key_mgmt=WPA-EAP
>>>     eap=SIM
>>>     pin="1234"
>>>     pcsc=""
>>> }
>>>
>>> EAP usually requires an identity, but there is no "identity" field. Have 
>>> I to set the identity ? Which value (sim card number) ?
>>>     
>>>       
>> EAP-SIM is most commonly used with automatically generated identity from
>> the IMSI ('1' | IMSI). This will be used if identity is not set in the
>> configuration file.
>>
>>   
>>     
>>> Why does wpa supplicant need the pin code ? Does he get some information 
>>> in the card ?
>>>     
>>>       
>> Yes, it reads the IMSI (which may or may not require PIN) and uses SIM
>> to generate response to the GSM authentication (which will likely
>> require PIN).
>>
>>   
>>     
>>> I configure also the AP side, with hostap and freeradius, so I can 
>>> change some settings (but server configuration is hard to understand to).
>>>     
>>>       
>> To use EAP-SIM properly, you would need to have GSM authentication
>> network in place (i.e., an HLR for generating authentication triplets)..
>> Use of local list of pre-generated triplets with hostapd or FreeRADIUS
>> as the authentication server could be used in tests, but that is not
>> really a good option for more than test use.
>>
>>   
>>     
>
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
>

More information about the Hostap mailing list