gsmmap.gen File

This section describes the gsmmap.gen file used by the SIM authentication module to define settings for authenticating Access-Request messages. The following topics are included in this chapter:

The gsmmap.gen file enables you to configure authentication settings by realm. This file consists of several sections that you need to configure, including:

[Bootstrap] section
[Settings] section
[Realms] section
Each realm section
Target module sections

This section describes each of these configuration sections.

[Bootstrap] Section

The [Bootstrap] section (Table 175) of the gsmmap.gen file enables the gsmmap.gen file to function.

Table 175: gsmmap.gen [Bootstrap] Fields

Field	Description
LibraryName	Specifies the name of the executable binary. Default value is gsmmap.
Enable	Set to 1 to enable this file. Set to 0 to disable this file. Default value is 0.

Field

Description

LibraryName

Specifies the name of the executable binary.

Default value is gsmmap.

Enable

Set to 1 to enable this file.

Set to 0 to disable this file.

Default value is 0.

[Settings] Section

The [Settings] section (Table 176) controls how log information is handled.

Table 176: gsmmap.gen [Settings] Fields

Field	Description
ConfigLog	Method for capturing log information. None= Configuration information is not captured. ConsoleAndLog= Log information is sent to both the console and the log. Console= Log information is sent to the console only. Log= Log information is sent to the log file only. Default is ConsoleAndLog.

Field

Description

ConfigLog

Method for capturing log information.

None= Configuration information is not captured.
ConsoleAndLog= Log information is sent to both the console and the log.
Console= Log information is sent to the console only.
Log= Log information is sent to the log file only.

Default is ConsoleAndLog.

[Realms] Section

The [Realms] section of the gsmmap.gen file contains a list of realms for which you specify authentication instructions. When an Access-Request is received, Steel-Belted Radius Carrier handles the request in different ways, depending on the settings in the [Realms] section. For example, requests from the ABC.com realm might require the IMSI retrieved from the LDAP database for authentication, requests from the XYZ.com realm might require the AKA from the MAP Gateway for authentication.

You can specify realms in several ways:

By name—You can specify realms directly by listing names of authorized realms. Example: abc.com.
By alias—You can create an alias for a realm by specifying the realm alias and realm name. Example: realm1=abc.com
By wildcard alias—You can create an alias that includes a wildcard to permit authentication for multiple realms. Example: realm2=*abc.com or realm=abc.*
By unmatched realm—You can create an alias that applies to all realms that do not match any specified realm. Example: CatchAllRealm=*
By no realm—You can capture all authentication requests that do not contain a realm with the NoRealm= command.

Configuring Each Realm Section

For each realm or alias that you create in the [Realms] section, you must create a separate section identified by the specified realm name or alias in the gsmmap.gen file. Within each realm setting, you identify a target module for each type of information that might be required to authenticate a subscriber. The target module defines where to obtain the specified information for each type of authenticator.

For example, if ABC.com is one of the realms, you must create a target module for any of the EAP-SIM, EAP-AKA, IMSI, MSISDN, and Authorization authentication types that are used to authenticate subscribers from ABC.com.

Use the Default= setting to identify a target module to be called if any of the other settings are absent.

Note

The Setting Name can be set to None if you want to disable the setting. For example, Authorization=None.

Example

In the following example, these configuration choices are specified:

Access-Requests requiring an authorization string are handled according to the settings in the SQLDatabase target module section of gsmmap.gen.
All other Access-Requests are handled according to the UlticomMapGateway target module section of gsmmap.gen.

Relationship Between Sections

Figure 15 illustrates the relationship between the [Realms] section, the specific named realm section, and the target module section in the gsmmap.gen file.

Network Equipment and Data Needed for Processing Access-Requests

Table 177 identifies the network equipment needed for authentication based on the action needed to process the Access-Request.

Table 177: Network Equipment and Related Settings, Actions, and Identifiers

Setting Name	Action Needed to Process Access-Request	Identifier of the Mobile Station	Network Equipment
SIM	Obtain SIM triplets*	IMSI	HLR (supporting MAP application context version 2 or 3)
AKA	Obtain AKA quintets	IMSI	HLR (supporting MAP application context version 3)

IMSI	Obtain IMSI (given the MSISDN)	MSISDN	HLR
MSISDN	Obtain MSISDN (given the IMSI)	IMSI	HLR
Authorization	Obtain Authorization string	IMSI or MSISDN	HLR or SQL or LDAP database

* If quintets are received but triplets are needed, the authentication module converts the quintets to triplets according to specification 3G TS 33.102 available at http://www.3gpp.org.

Note

You can set the Setting Name to None if you want to disable the setting. For example, SIM=None.

Example: Authorization String

If an authorization string is required to process an Access-Request, the following might be true:

Authorization string is in the database
IMSI is received in the Access-Request
Database is keyed off the MSISDN

In this case, the Mobile Switching Center (MSC) is used to obtain the MSISDN based on the IMSI. Then the MSISDN is used to retrieve the Authorization string from the database or HLR.

Disabling Authorization from EAP-SIM

You can disable authorization completely from EAP-SIM (not fetch subscriber profile information from the HLR and not perform a SQL/LDAP query).

To disable authorization from EAP-SIM:

Set Authorization=None in the realm section of the gsmmap.gen file.
Remove all authorization options (BS, TS, and ODB) from the authGateway.conf file for the target HLR, disable the connection between authGateway and GWrelay applications in the GWrelay.conf file, and disable the connection between SBR Carrier and the GWrelay application in the ulcmmg.conf file. For complete details on the authGateway.conf, GWrelay.conf, and ulcmmg.conf files, see the SBR Carrier Installation Guide.

Target Module Section

For each target module that you list for a realm, you must create a configuration section that identifies settings to be used for that module. The settings that you must specify depend on the type of module being called. The target modules are described in Table 178.

Table 178: Types of Target Modules

Target Module	Type	Source of Subscriber Information	Default Target Module Name
MAP Gateway	GSM	HLR	UlticomMapGateway
SQL Database	Database	SQL database	SQLDatabase
LDAP Database	Database	LDAP database	LDAPDatabase

The fields to be included in the target module section differ depending on the specific target module. For example, the MAP Gateway target module section in the gsmmap.gen file requires a different set of fields than the LDAP database target module. Table 179 through Table 182 list the fields required for each target module.

Target Module Fields (General Case)

Table 179: gsmmap.gen [Module] Fields (General Case)

Field	Description
ModuleType	Specifies the type of module being called. Options are: Database GSM
LibraryName	Specifies the name of the executable binary.
Required Module VersionNumber	Version number of the specified module. Default value is 1.
SymbolPrefix	Specifies the prefix for the symbols loaded from the library. For the MAP Gateway, enter `ulcm_mg_t_`.
InitializationString	Specifies the name of the configuration file for the library.
RequestTimeoutMs	Specifies the number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds). This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.

MAP Gateway Target Module Fields

Table 180: gsmmap.gen MAP Gateway Module Fields

Field	Configure to This Value
ModuleType	GSM
LibraryName	`library32/libulcmmg.so`
Required Module Version Number	1
SymbolPrefix	`ulcm_mg_t_`
InitializationString	`conf/ulcmmg.conf` See the `ulcmmg.conf` file in the SBR Carrier Installation Guide.
RequestTimeoutMs	Number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10,000 (10 seconds).

Example of MAP Gateway Target Module Fields

SQL Database Target Module Fields

Table 181: gsmmap.gen SQL Database Fields

gsmmap.gen [Database] Field	Configure to This Value
ModuleType	Database This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.
DatabaseAccessor MethodName	Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the `MethodName` setting in the `sqlaccessor.gen` or `sqlaccessor_jdbc.gen` file, see SQL Accessors. This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.
KeyForAuthorization	Specifies whether the subscriber is identified by IMSI or MSISDN (key field). Valid values are: IMSI MSISDN For more information about setting database keys, see Detailed Use Cases. This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.

gsmmap.gen [Database] Field

Configure to This Value

ModuleType

Database

This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.

DatabaseAccessor

MethodName

Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the sqlaccessor.gen or sqlaccessor_jdbc.gen file, see SQL Accessors.

This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.

KeyForAuthorization

Specifies whether the subscriber is identified by IMSI or MSISDN (key field). Valid values are:

IMSI
MSISDN

For more information about setting database keys, see Detailed Use Cases.

This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal.

Example of SQL Database Target Module

LDAP Database Target Module Fields

Table 182: gsmmap.gen LDAP Database Fields

Field	Configure to This Value
ModuleType	Database
DatabaseAccessor MethodName	Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the `MethodName` setting in the `ldapaccessor.gen` file, see LDAP Accessor Files).
KeyForAuthorization	Specifies whether the subscriber is identified by IMSI or MSISDN. Valid values are: IMSI MSISDN For more information about setting database keys, see Detailed Use Cases.

Field

Configure to This Value

ModuleType

Database

DatabaseAccessor

MethodName

Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the ldapaccessor.gen file, see LDAP Accessor Files).

KeyForAuthorization

Specifies whether the subscriber is identified by IMSI or MSISDN. Valid values are:

IMSI
MSISDN

For more information about setting database keys, see Detailed Use Cases.

gsmmap.gen File

[Bootstrap] Section

[Bootstrap] Section

[Settings] Section

[Settings] Section

[Realms] Section

[Realms] Section

Configuring Each Realm Section

Configuring Each Realm Section

Example

Example

Relationship Between Sections

Relationship Between Sections

Network Equipment and Data Needed for Processing Access-Requests

Network Equipment and Data Needed for Processing Access-Requests

Example: Authorization String

Example: Authorization String

Disabling Authorization from EAP-SIM

Disabling Authorization from EAP-SIM

Target Module Section

Target Module Section

Target Module Fields (General Case)

Target Module Fields (General Case)

MAP Gateway Target Module Fields

MAP Gateway Target Module Fields

Example of MAP Gateway Target Module Fields

Example of MAP Gateway Target Module Fields

SQL Database Target Module Fields

SQL Database Target Module Fields

Example of SQL Database Target Module

Example of SQL Database Target Module

LDAP Database Target Module Fields

LDAP Database Target Module Fields

Example of LDAP Database Target Module

Example of LDAP Database Target Module