Configuring the gsmmap.gen File

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

Steel-Belted Radius Carrier 7.2.x Reference Guide > Configuring the gsmmap.gen File for the SIM or SMS Authentication Module > Configuring the gsmmap.gen File
Configuring the gsmmap.gen File
The gsmmap.gen file enables you to configure authentication settings by realm. This file consists of several sections that you need to configure, including:

[Bootstrap] section

[Settings] section

[Realms] section

Each realm section

Target module sections

This chapter describes each of these configuration sections.

[Bootstrap] Section

The [Bootstrap] section (Table 158) of the gsmmap.gen file enables the gsmmap.gen file to function.

Table 158: gsmmap.gen [Bootstrap] Fields

Field

Description

LibraryName

Specifies the name of the library called when gsmmap runs.

Default value is gsmmap.

Enable

Set to 1 to enable the features described in this file.

Set to 0 to disable the features described in this file.

Default value is 1.

DependsOn

Specifies the names of the module or modules (comma separated) that must be running for the MAP module to work.

If you change the name of the data accessor files described in Configuring the Data Accessors for the SIM and SMS Authentication Modules, you must configure this parameter to match the new file name.

Default values are:

ldapaccessor.gen, sqlaccessor.gen

Example
[Bootstrap]
LibraryName=gsmmap
Enable=1
DependsOn=ldapaccessor.gen,sqlaccessor.gen
[Settings] Section

The [Settings] section (Table 159) controls how log information is handled.

Table 159: gsmmap.gen [Settings] Fields

Field

Description

ConfigLog

Method for capturing log information.

None= Configuration information is not captured.

ConsoleAndLog= Log information is sent to both the console and the log.

Console= Log information is sent to the console only.

Log= Log information is sent to the log file only.

Default is ConsoleAndLog.

Example
[Settings]
ConfigLog=Log
[Realms] Section

The [Realms] section of the gsmmap.gen file contains a list of realms for which you specify authentication instructions. When an Access-Request is received, Steel-Belted Radius Carrier handles the request in different ways, depending on the settings in the [Realms] section. For example, requests from the ABC.com realm might require the IMSI retrieved from the LDAP database for authentication, requests from the XYZ.com realm might require the AKA from the MAP Gateway for authentication.

You can specify realms in several ways:

By name - You can specify realms directly by listing names of authorized realms. Example: abc.com.

By alias - You can create an alias for a realm by specifying the realm alias and realm name. Example: realm1=abc.com

By wild-card alias - You can create an alias that includes a wildcard to permit authentication for multiple realms. Example: realm2=*abc.com or realm=abc.*

By unmatched realm - You can create an alias that applies to all realms that do not match any specified realm. Example: CatchAllRealm=*

By no realm - You can capture all authentication requests that do not contain a realm with the NoRealm= command.

Example
[Realms]
ABC.com
realm1=myrealm.com
realm2=*abc.com
CatchAllRealm=*

NoRealm=
Configuring Each Realm Section

For each realm or alias that you create in the [Realms] section, you must create a separate section identified by the specified realm name or alias in the gsmmap.gen file. Within each realm setting, you identify a target module for each type of information that might be required to authenticate a subscriber. The target module defines where to obtain the specified information for each type of authenticator.

For example, if ABC.com is one of the realms, you must create a target module for any of the EAP-SIM, EAP-AKA, SMS, IMSI, MSISDN, and Authorization authentication types that are used to authenticate subscribers from ABC.com.

Use the Default= setting to identify a target module to be called if any of the other settings are absent.

NOTE: The Setting Name can be set to None if you want to disable the setting. For example, Authorization=None.

Example

In the following example, these configuration choices are specified:
An Access-Request from ABC.com that requires an SMS text message is handled according to the settings in the UlticomSMSGateway target module section of gsmmap.gen.

Access-Requests requiring an authorization string are handled according to the settings in the SQLDatabase target module section of gsmmap.gen.

All other Access-Requests are handled according to the UlticomMapGateway target module section of gsmmap.gen.
[ABC.com]
Default=UlticomMapGateway
SMS=UlticomSMSGateway
Authorization=SQLDatabase
Relationship Between Sections

Figure 24 illustrates the relationship between the [Realms] section, the specific named realm section, and the target module section in the gsmmap.gen file.

Figure 24:

Relationship Between Sections in gsmmap.gen File
Network Equipment and Data Needed for Processing Access-Requests

Table 160 identifies the network equipment needed for authentication based on the action needed to process the Access-Request.

Table 160: Network Equipment and Related Settings, Actions, and Identifiers

Setting Name

Action Needed to Process Access-Request

Identifier of the Mobile Station

Network Equipment

SIM

Obtain SIM triplets*

IMSI

HLR (supporting MAP application context version 2)

AKA

Obtain AKA quintets

IMSI

HLR (supporting MAP application context version 3)

SMS

Send SMS text message containing password

IMSI

MSC (SMS text message sent through the MSC)

IMSI

Obtain IMSI (given the MSISDN)

MSISDN

HLR

MSISDN

Obtain MSISDN (given the IMSI)

IMSI

HLR

Authorization

Obtain Authorization string

IMSI or MSISDN

HLR or SQL or LDAP database
* If quintets are received but triplets are needed, the authentication module
converts the quintets to triplets according to specification 3G TS 33.102 available at
http://www.3gpp.org.
 NOTE: You can set the Setting Name to None if you want to disable the setting. For example, SIM=None. 
Example: Authorization String

If an authorization string is required to process an Access-Request, the following might be true:

Authorization string is in the database

IMSI is received in the Access-Request

Database is keyed off the MSISDN

In this case, the MSC is used to obtain the MSISDN based on the IMSI. Then the MSISDN is used to retrieve the Authorization string from the database or HLR.

Disabling Authorization from EAP-SIM

You can disable authorization completely from EAP-SIM (not fetch subscriber profile information from the HLR and not perform a SQL/LDAP query).

To disable authorization from EAP-SIM:

Set Authorization=None in the realm section of the gsmmap.gen file.

Remove all authorization options (BS, TS, and ODB) from the authGateway.conf file for the target HLR, and disable the connection between the authGateway application and Steel-Belted Radius Carrier in the ulcmmg.conf file. For complete details on the authGateway.conf and ulcmmg.conf files, see the Steel-Belted Radius Carrier 7.2 Installation Guide.

Target Module Section

For each target module that you list for a realm, you must create a configuration section that identifies settings to be used for that module. The settings that you must specify depend on the type of module being called. The target modules are described in Table 161.

Table 161: Types of Target Modules

Target Module

Type

Network

Source of Subscriber Information

Default Target Module Name

MAP Gateway

GSM

SS7

HLR

UlticomMapGateway

SMS Gateway

GSM

SS7

MSC

UlticomSMSGateway

SQL Database

Database

IP

SQL database

SQLDatabase

LDAP Database

Database

IP

LDAP database

LDAPDatabase

The fields to be included in the target module section differ depending on the specific target module. For example, the MAP Gateway target module section in the gsmmap.gen file requires a different set of fields than the SMS Gateway target module. Table 162 through Table 165 list the fields required for each target module.

Target Module Fields (General Case)

Table 162: gsmmap.gen [Module] Fields (General Case)

Field

Description

ModuleType

Specifies the type of module being called. Options are:

Database

GSM

LibraryName

The name of the library called when the target module runs.

RequiredModuleVersionNumber

Version number of the specified module.

Default value is 1.

SymbolPrefix

Specifies the prefix for the symbols loaded from the library.

For the MAP Gateway, enter ulcm_mg_t_.

For the SMS Gateway, enter ulcm_sms_t_.

InitializationString

Specifies the name of the initialization file for the library.

RequestTimeoutMs

Specifies the number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds). An SMS Gateway that must communicate with a subscriber's mobile telephone requires a considerably longer timeout value; for example, 60000 (60 seconds).

MAP Gateway Target Module Fields

Table 163: gsmmap.gen MAP Gateway Module Fields

Field

Configure to This Value

ModuleType

GSM

LibraryName

library32/libulcmmg.so

RequiredModuleVersionNumber

1

SymbolPrefix

ulcm_mg_t_

InitializationString

conf/ulcmmg.conf

See the ulcmmg.conf file in the Steel-Belted Radius Carrier 7.2 Installation Guide.

RequestTimeoutMs

Number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds).

Example of MAP Gateway Target Module Fields
[UlticomMAPGateway]
ModuleType=GSM
LibraryName=library32/libulcmmg.so
RequiredModuleVersionNumber=1
SymbolPrefix=ulcm_mg_t_
InitializationString=conf/ulcmmg.conf
RequestTimeoutMs=10000
SQL Database Target Module Fields

Table 164: gsmmap.gen SQL Database Fields

gsmmap.gen [Database] Field

Configure to This Value

ModuleType

Database

DatabaseAccessor
MethodName

Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the sqlaccessor.gen file, see Configuring sqlaccessor.gen and sqlaccessorjdbc.gen).

KeyForAuthorization

Specifies whether the subscriber is identified by IMSI or MSISDN (key field). Valid values are:

IMSI

MSISDN

For more information about setting database keys, see Identifying Key Fields for Oracle, JDBC, and LDAP Databases.

Example of SQL Database Target Module
[SQLDatabase]
ModuleType=Database
DatabaseAccessorMethodName=SQL Accessor
KeyForAuthorization=MSISDN
LDAP Database Target Module Fields

Table 165: gsmmap.gen LDAP Database Fields

Field

Configure to This Value

ModuleType

Database

DatabaseAccessor
MethodName

Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the ldapaccessor.gen file, see Configuring the LDAP Data Accessor (ldapaccessor.gen)).

KeyForAuthorization

Specifies whether the subscriber is identified by IMSI or MSISDN. Valid values are:

IMSI

MSISDN

For more information about setting database keys, see Identifying Key Fields for Oracle, JDBC, and LDAP Databases.

Example of LDAP Database Target Module
[LDAPDatabase]
ModuleType=Database
DatabaseAccessorMethodName=LDAP Accessor
KeyForAuthorization=IMSI

Field	Description
LibraryName	Specifies the name of the library called when gsmmap runs. Default value is gsmmap.
Enable	Set to 1 to enable the features described in this file. Set to 0 to disable the features described in this file. Default value is 1.
DependsOn	Specifies the names of the module or modules (comma separated) that must be running for the MAP module to work. If you change the name of the data accessor files described in Configuring the Data Accessors for the SIM and SMS Authentication Modules, you must configure this parameter to match the new file name. Default values are: `ldapaccessor.gen`, `sqlaccessor.gen`

Field	Description
ConfigLog	Method for capturing log information. None= Configuration information is not captured. ConsoleAndLog= Log information is sent to both the console and the log. Console= Log information is sent to the console only. Log= Log information is sent to the log file only. Default is ConsoleAndLog.

Setting Name	Action Needed to Process Access-Request	Identifier of the Mobile Station	Network Equipment
SIM	Obtain SIM triplets*	IMSI	HLR (supporting MAP application context version 2)
AKA	Obtain AKA quintets	IMSI	HLR (supporting MAP application context version 3)
SMS	Send SMS text message containing password	IMSI	MSC (SMS text message sent through the MSC)
IMSI	Obtain IMSI (given the MSISDN)	MSISDN	HLR
MSISDN	Obtain MSISDN (given the IMSI)	IMSI	HLR
Authorization	Obtain Authorization string	IMSI or MSISDN	HLR or SQL or LDAP database

Target Module	Type	Network	Source of Subscriber Information	Default Target Module Name
MAP Gateway	GSM	SS7	HLR	UlticomMapGateway
SMS Gateway	GSM	SS7	MSC	UlticomSMSGateway
SQL Database	Database	IP	SQL database	SQLDatabase
LDAP Database	Database	IP	LDAP database	LDAPDatabase

Field	Description
ModuleType	Specifies the type of module being called. Options are: Database GSM
LibraryName	The name of the library called when the target module runs.
RequiredModuleVersionNumber	Version number of the specified module. Default value is 1.
SymbolPrefix	Specifies the prefix for the symbols loaded from the library. For the MAP Gateway, enter `ulcm_mg_t_`. For the SMS Gateway, enter `ulcm_sms_t_`.
InitializationString	Specifies the name of the initialization file for the library.
RequestTimeoutMs	Specifies the number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds). An SMS Gateway that must communicate with a subscriber's mobile telephone requires a considerably longer timeout value; for example, 60000 (60 seconds).

Field	Configure to This Value
ModuleType	GSM
LibraryName	`library32/libulcmmg.so`
RequiredModuleVersionNumber	1
SymbolPrefix	`ulcm_mg_t_`
InitializationString	`conf/ulcmmg.conf` See the `ulcmmg.conf` file in the Steel-Belted Radius Carrier 7.2 Installation Guide.
RequestTimeoutMs	Number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds).

gsmmap.gen [Database] Field	Configure to This Value
ModuleType	Database
DatabaseAccessor MethodName	Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the `sqlaccessor.gen` file, see Configuring sqlaccessor.gen and sqlaccessorjdbc.gen).
KeyForAuthorization	Specifies whether the subscriber is identified by IMSI or MSISDN (key field). Valid values are: IMSI MSISDN For more information about setting database keys, see Identifying Key Fields for Oracle, JDBC, and LDAP Databases.

Field	Configure to This Value
ModuleType	Database
DatabaseAccessor MethodName	Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the `ldapaccessor.gen` file, see Configuring the LDAP Data Accessor (ldapaccessor.gen)).
KeyForAuthorization	Specifies whether the subscriber is identified by IMSI or MSISDN. Valid values are: IMSI MSISDN For more information about setting database keys, see Identifying Key Fields for Oracle, JDBC, and LDAP Databases.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]