Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SBR Carrier] How to enable EAP-SIM as an EAP Helper method

0

0

Article ID: KB28586 KB Last Updated: 05 Mar 2017Version: 2.0
Summary:

SBR Carrier can do a number of EAP (Extensible Authentication Protocol) methods as a Helper to a different authentication method. By default, EAP-SIM (EAP for GSM Subscriber Identity Module) is not available as a Helper method, but it can be configured as a Helper method in a few simple steps.

Symptoms:

Sometimes, authorization and profile information is stored on an LDAP or SQL server. Back-end databases, LDAP and SQL are primary authentication methods, but there is a requirement to include EAP-SIM or EAP-AKA (EAP Authentication and Key Agreement) to get subscriber information from an HLR (Home Location Register) before the primary authentication process.

This article describes how to enable EAP-SIM and EAP-AKA as an EAP Helper method.

Cause:

Solution:

To enable EAP-SIM and EAP-AKA as an EAP Helper method, perform the procedure below.

Note: This procedure assumes that a) EAP-SIM or EAP-AKA is configured as an authentication method, and b) a primary authentication method is configured.

1.  Copy the simauth.aut file to a simauth.eap file.

[root@capone radius]# cp simauth.aut simauth.eap

2.  Edit the eap.ini file to include SIM and AKA as Helper methods under the [defaultMethods] section.

[root@capone radius]# vi eap.ini

[defaultMethods]
Available-EAP-Types=SIM,AKA,MD5-Challenge,MS-CHAP-V2,TLS,TTLS
Available-EAP-Only-Values=0,1
Available-Auto-EAP-Values=0,1

3. Restart SBR.

[root@capone radius]# ./sbrd restart

4. Launch the administrator GUI and select Authentication Policies > Order of Methods:
- In your browser, go to <server_IP>:1812.
- Click the launch button.
- When the administrator GUI comes up, log in with your administrator credentials.
- Select Authentication Policies>Order of Methods.

5. Right click on your primary authentication policy and select EAP Setup.



6. Select SIM and AKA under Inactive EAP Methods, and move them to Active EAP Methods. Ensure that Handle via Auto-EAP first is selected, then click OK.



7.  Click Apply in authentication methods to enable these changes.

An EAP-SIM or EAP-AKA authentication sequence will take place before the subscriber is authenticated against the primary authentication method.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search