Question on EAP-AKA and REALM
ryazanov.s.a at gmail.com
Tue Dec 10 14:55:10 EST 2013
2013/12/10 Ben Greear <greearb at candelatech.com>:
> I'm trying to get supplicant & hostapd to work with an upstream
> RADIUS server for EAP-AKA testing. I have enabled USIM_SIM
> and configured the password and identity as suggested here:
> I think it is mostly working, but the RADIUS server would like
> something like 'IMSI at realm' instead of just IMSI for the RADIUS user-name
This realm demand depended on RADIUS server configuration. EAP-AKA
RFC4187 recommend (section 126.96.36.199) that realm should be generated
according to 3GPP TS 23.003.
> Any suggestions on how to go about doing this? Is it something I should
> in supplicant, or hostapd?
Supplicant already contain necessary handler, which generate full
identity from IMSI (eap_sm_imsi_identity() function in
src/eap_peer/eap.c). But seems that this routine is never called when
you use SIM simulator. Try to configure realm manually.
For example instead of:
configure identity in following way:
identity="0232010000000000 at wlan.mnc001.mcc232.3gppnetwork.org"
Be careful, MNC in Europe contain 2 digits and you should put leading
zero before it, but in North America MNC contain 3 digits.
More information about the HostAP