wpa supplicant EAP-SIM configuration

Jouni Malinen jkmaline at cc.hut.fi
Fri Sep 15 11:44:48 EDT 2006


On Fri, Sep 15, 2006 at 03:05:15PM +0200, Vincent Maurin wrote:

> I want to connect to an access point with EAP-SIM authentication. In the 
> default wpa_supplicant.conf, there is an example :
> 
> # EAP-SIM with a GSM SIM or USIM
> network={
>     ssid="eap-sim-test"
>     key_mgmt=WPA-EAP
>     eap=SIM
>     pin="1234"
>     pcsc=""
> }
> 
> EAP usually requires an identity, but there is no "identity" field. Have 
> I to set the identity ? Which value (sim card number) ?

EAP-SIM is most commonly used with automatically generated identity from
the IMSI ('1' | IMSI). This will be used if identity is not set in the
configuration file.

> Why does wpa supplicant need the pin code ? Does he get some information 
> in the card ?

Yes, it reads the IMSI (which may or may not require PIN) and uses SIM
to generate response to the GSM authentication (which will likely
require PIN).

> I configure also the AP side, with hostap and freeradius, so I can 
> change some settings (but server configuration is hard to understand to).

To use EAP-SIM properly, you would need to have GSM authentication
network in place (i.e., an HLR for generating authentication triplets)..
Use of local list of pre-generated triplets with hostapd or FreeRADIUS
as the authentication server could be used in tests, but that is not
really a good option for more than test use.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list