
gsmmap.gen File

This section describes the gsmmap.gen file used by the SIM authentication module to define settings for authenticating Access-Request messages.

The gsmmap.gen file enables you to configure authentication settings by realm. This file consists of several sections that you need to configure, including:

  • [Bootstrap] section
  • [Settings] section
  • [Realms] section
  • Each realm section
  • Target module sections

This section describes each of these configuration sections.

[Bootstrap] Section

The [Bootstrap] section (Table 180) of the gsmmap.gen file enables the gsmmap.gen file to function.

Table 180: gsmmap.gen [Bootstrap] Fields

| Field | Description |
|---|---|
| LibraryName | Specifies the name of the executable binary. Default value is gsmmap. |
| Enable | Set to 1 to enable this file. Set to 0 to disable this file. Default value is 0. |

  

[Settings] Section

The [Settings] section (Table 181) controls how log information is handled.

Table 181: gsmmap.gen [Settings] Fields

| Field | Description |
|---|---|
| ConfigLog | Method for capturing log information. None: configuration information is not captured. ConsoleAndLog: log information is sent to both the console and the log. Console: log information is sent to the console only. Log: log information is sent to the log file only. Default is ConsoleAndLog. |

[Realms] Section

The [Realms] section of the gsmmap.gen file contains a list of realms for which you specify authentication instructions. When an Access-Request is received, Steel-Belted Radius Carrier handles the request in different ways, depending on the settings in the [Realms] section. For example, requests from the ABC.com realm might require the IMSI retrieved from the LDAP database for authentication, whereas requests from the XYZ.com realm might require the AKA from the MAP Gateway for authentication.

You can specify realms in several ways:

  • By name—You can specify realms directly by listing names of authorized realms. Example: abc.com.
  • By alias—You can create an alias for a realm by specifying the realm alias and realm name. Example: realm1=abc.com
  • By wildcard alias—You can create an alias that includes a wildcard to permit authentication for multiple realms. Example: realm2=*abc.com or realm=abc.*
  • By unmatched realm—You can create an alias that applies to all realms that do not match any specified realm. Example: CatchAllRealm=*
  • By no realm—You can capture all authentication requests that do not contain a realm with the NoRealm= command.

Configuring Each Realm Section

For each realm or alias that you create in the [Realms] section, you must create a separate section identified by the specified realm name or alias in the gsmmap.gen file. Within each realm setting, you identify a target module for each type of information that might be required to authenticate a subscriber. The target module defines where to obtain the specified information for each type of authenticator.

For example, if ABC.com is one of the realms, you must create a target module for any of the EAP-SIM, EAP-AKA, IMSI, MSISDN, and Authorization authentication types that are used to authenticate subscribers from ABC.com.

Use the Default= setting to identify a target module to be called if any of the other settings are absent.

Note: The Setting Name can be set to None if you want to disable the setting. For example, Authorization=None.

Example

In the following example, these configuration choices are specified:

  • Access-Requests requiring an authorization string are handled according to the settings in the SQLDatabase target module section of gsmmap.gen.
  • All other Access-Requests are handled according to the UlticomMapGateway target module section of gsmmap.gen.

Relationship Between Sections

Figure 15 illustrates the relationship between the [Realms] section, the specific named realm section, and the target module section in the gsmmap.gen file.

Figure 15: Relationship Between Sections in gsmmap.gen File


Network Equipment and Data Needed for Processing Access-Requests

Table 182 identifies the network equipment needed for authentication based on the action needed to process the Access-Request.

Table 182: Network Equipment and Related Settings, Actions, and Identifiers

| Setting Name | Action Needed to Process Access-Request | Identifier of the Mobile Station | Network Equipment |
|---|---|---|---|
| SIM | Obtain SIM triplets* | IMSI | HLR (supporting MAP application context version 2 or 3) |
| AKA | Obtain AKA quintets | IMSI | HLR (supporting MAP application context version 3) |
| SMS | Send SMS text message containing password | IMSI | MSC (SMS text message sent through the MSC) |
| IMSI | Obtain IMSI (given the MSISDN) | MSISDN | HLR |
| MSISDN | Obtain MSISDN (given the IMSI) | IMSI | HLR |
| Authorization | Obtain Authorization string | IMSI or MSISDN | HLR or SQL or LDAP database |

* If quintets are received but triplets are needed, the authentication module converts the quintets to triplets according to specification 3G TS 33.102 available at http://www.3gpp.org.

Note: You can set the Setting Name to None if you want to disable the setting. For example, SIM=None.

Example: Authorization String

If an authorization string is required to process an Access-Request, the following might be true:

  • Authorization string is in the database
  • IMSI is received in the Access-Request
  • Database is keyed off the MSISDN

In this case, the Mobile Switching Center (MSC) is used to obtain the MSISDN based on the IMSI. Then the MSISDN is used to retrieve the Authorization string from the database or HLR.

Disabling Authorization from EAP-SIM

You can disable authorization completely from EAP-SIM, so that SBR Carrier neither fetches subscriber profile information from the HLR nor performs a SQL/LDAP query.

To disable authorization from EAP-SIM:

  1. Set Authorization=None in the realm section of the gsmmap.gen file.
  2. Remove all authorization options (BS, TS, and ODB) from the authGateway.conf file for the target HLR, disable the connection between authGateway and GWrelay applications in the GWrelay.conf file, and disable the connection between SBR Carrier and the GWrelay application in the ulcmmg.conf file. For complete details on the authGateway.conf, GWrelay.conf, and ulcmmg.conf files, see the SBR Carrier Installation Guide.

Target Module Section

For each target module that you list for a realm, you must create a configuration section that identifies settings to be used for that module. The settings that you must specify depend on the type of module being called. The target modules are described in Table 183.

Table 183: Types of Target Modules

| Target Module | Type | Source of Subscriber Information | Default Target Module Name |
|---|---|---|---|
| MAP Gateway | GSM | HLR | UlticomMapGateway |
| SQL Database | Database | SQL database | SQLDatabase |
| LDAP Database | Database | LDAP database | LDAPDatabase |

The fields to be included in the target module section differ depending on the specific target module. For example, the MAP Gateway target module section in the gsmmap.gen file requires a different set of fields than the LDAP database target module. Table 184 through Table 187 list the fields required for each target module.

Target Module Fields (General Case)

Table 184: gsmmap.gen [Module] Fields (General Case)

| Field | Description |
|---|---|
| ModuleType | Specifies the type of module being called. Options are Database and GSM. |
| LibraryName | Specifies the name of the executable binary. |
| RequiredModuleVersionNumber | Version number of the specified module. Default value is 1. |
| SymbolPrefix | Specifies the prefix for the symbols loaded from the library. For the MAP Gateway, enter ulcm_mg_t_. |
| InitializationString | Specifies the name of the configuration file for the library. |
| RequestTimeoutMs | Specifies the number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. A MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds). An SMS Gateway that must communicate with a subscriber's mobile telephone requires a considerably longer timeout value; for example, 60000 (60 seconds). This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |

MAP Gateway Target Module Fields

Table 185: gsmmap.gen MAP Gateway Module Fields

| Field | Configure to This Value |
|---|---|
| ModuleType | GSM |
| LibraryName | library32/libulcmmg.so |
| RequiredModuleVersionNumber | 1 |
| SymbolPrefix | ulcm_mg_t_ |
| InitializationString | conf/ulcmmg.conf. See the ulcmmg.conf file in the SBR Carrier Installation Guide. |
| RequestTimeoutMs | Number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. A MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10,000 (10 seconds). |

Example of MAP Gateway Target Module Fields

[UlticomMAPGateway]
ModuleType=GSM
LibraryName=library32/libulcmmg.so
RequiredModuleVersionNumber=1
SymbolPrefix=ulcm_mg_t_
InitializationString=conf/ulcmmg.conf
RequestTimeoutMs=10000

SQL Database Target Module Fields

Table 186: gsmmap.gen SQL Database Fields

| gsmmap.gen [Database] Field | Configure to This Value |
|---|---|
| ModuleType | Database. This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |
| DatabaseAccessorMethodName | Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the sqlaccessor.gen or sqlaccessor_jdbc.gen file (see SQL Accessors). This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |
| KeyForAuthorization | Specifies whether the subscriber is identified by IMSI or MSISDN (key field). Valid values are IMSI and MSISDN. For more information about setting database keys, see Detailed Use Cases. This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |

Example of SQL Database Target Module

[SQLDatabase]
ModuleType=Database
DatabaseAccessorMethodName=SQL Accessor
KeyForAuthorization=MSISDN

LDAP Database Target Module Fields

Table 187: gsmmap.gen LDAP Database Fields

| Field | Configure to This Value |
|---|---|
| ModuleType | Database |
| DatabaseAccessorMethodName | Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the ldapaccessor.gen file (see LDAP Accessor Files). |
| KeyForAuthorization | Specifies whether the subscriber is identified by IMSI or MSISDN. Valid values are IMSI and MSISDN. For more information about setting database keys, see Detailed Use Cases. |

Example of LDAP Database Target Module

[LDAPDatabase]
ModuleType=Database
DatabaseAccessorMethodName=LDAP Accessor
KeyForAuthorization=IMSI
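
The section relationships described on this page (every [Realms] entry needs its own section, and every target module a realm names needs a section with a valid ModuleType and, for database modules, a valid KeyForAuthorization) can be checked before the file is deployed. The following lint is an added example written for this page, not part of SBR Carrier; the sample file is constructed, and treating section names as case-sensitive is an assumption, flagged because this page writes both UlticomMapGateway and UlticomMAPGateway.

```python
import configparser

SETTINGS = {"SIM", "AKA", "SMS", "IMSI", "MSISDN", "Authorization", "Default"}

# Constructed sample file: realm names and routing are illustrative only.
SAMPLE = """\
[Realms]
abc.com
realm2=*xyz.com
[abc.com]
Authorization=SQLDatabase
Default=UlticomMapGateway
[realm2]
SIM=UlticomMapGateway
Authorization=None
[UlticomMAPGateway]
ModuleType=GSM
[SQLDatabase]
ModuleType=Database
KeyForAuthorization=MSISDN
"""

def check_target(cp, where, target):
    """Findings for one Setting=TargetModule reference made from a realm section."""
    by_lower = {s.lower(): s for s in cp.sections()}
    if not target or target.lower() not in by_lower:
        return [f"{where}: no [{target}] target module section"]
    if not cp.has_section(target):  # assumption: section names must match exactly
        return [f"{where}: {target} differs only in case from [{by_lower[target.lower()]}]"]
    mod = cp[target]
    if mod.get("ModuleType") not in ("Database", "GSM"):
        return [f"[{target}] ModuleType must be Database or GSM"]
    if mod["ModuleType"] == "Database" and mod.get("KeyForAuthorization") not in ("IMSI", "MSISDN"):
        return [f"[{target}] KeyForAuthorization must be IMSI or MSISDN"]
    return []

def lint(text):
    """Return findings for a gsmmap.gen-style file; an empty list means clean."""
    cp = configparser.ConfigParser(allow_no_value=True, delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep setting names case-sensitive
    cp.read_string(text)
    out = []
    for realm in (cp["Realms"] if cp.has_section("Realms") else ()):
        if not cp.has_section(realm):
            out.append(f"[Realms] lists {realm} but there is no [{realm}] section")
            continue
        for setting, target in cp[realm].items():
            if setting not in SETTINGS:
                out.append(f"[{realm}] unknown setting {setting}")
            elif target != "None":  # None is the documented way to disable a setting
                out += check_target(cp, f"[{realm}] {setting}", target)
    return out
```

On the constructed sample, lint(SAMPLE) reports the two references to UlticomMapGateway, because the only matching section is spelled [UlticomMAPGateway].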

Modified: 2018-01-11