gsmmap.gen File
This section describes the gsmmap.gen file used by the SIM authentication module to define settings for authenticating Access-Request messages. The following topics are included in this chapter:
The gsmmap.gen file enables you to configure authentication settings by realm. This file consists of several sections that you need to configure, including:
[Bootstrap] section
[Settings] section
[Realms] section
Each realm section
Target module sections
This section describes each of these configuration sections.
[Bootstrap] Section
[Bootstrap] Section
The [Bootstrap] section (Table 175) of the gsmmap.gen file enables the gsmmap.gen file to function.
Table 175: gsmmap.gen [Bootstrap] Fields
Field | Description |
---|---|
LibraryName | Specifies the name of the executable binary. Default value is gsmmap. |
Enable | Set to 1 to enable this file. Set to 0 to disable this file. Default value is 0. |
[Settings] Section
[Settings] Section
The [Settings] section (Table 176) controls how log information is handled.
Table 176: gsmmap.gen [Settings] Fields
Field | Description |
---|---|
ConfigLog | Method for capturing log information.
Default is ConsoleAndLog. |
[Realms] Section
[Realms] Section
The [Realms] section of the gsmmap.gen file contains a list of realms for which you specify authentication instructions. When an Access-Request is received, Steel-Belted Radius Carrier handles the request in different ways, depending on the settings in the [Realms] section. For example, requests from the ABC.com realm might require the IMSI retrieved from the LDAP database for authentication, requests from the XYZ.com realm might require the AKA from the MAP Gateway for authentication.
You can specify realms in several ways:
By name—You can specify realms directly by listing names of authorized realms. Example: abc.com.
By alias—You can create an alias for a realm by specifying the realm alias and realm name. Example: realm1=abc.com
By wildcard alias—You can create an alias that includes a wildcard to permit authentication for multiple realms. Example: realm2=*abc.com or realm=abc.*
By unmatched realm—You can create an alias that applies to all realms that do not match any specified realm. Example: CatchAllRealm=*
By no realm—You can capture all authentication requests that do not contain a realm with the NoRealm= command.
Configuring Each Realm Section
Configuring Each Realm Section
For each realm or alias that you create in the [Realms] section, you must create a separate section identified by the specified realm name or alias in the gsmmap.gen file. Within each realm setting, you identify a target module for each type of information that might be required to authenticate a subscriber. The target module defines where to obtain the specified information for each type of authenticator.
For example, if ABC.com is one of the realms, you must create a target module for any of the EAP-SIM, EAP-AKA, IMSI, MSISDN, and Authorization authentication types that are used to authenticate subscribers from ABC.com.
Use the Default= setting to identify a target module to be called if any of the other settings are absent.
The Setting Name can be set to None if you want to disable the setting. For example, Authorization=None.
Example
Example
In the following example, these configuration choices are specified:
Access-Requests requiring an authorization string are handled according to the settings in the SQLDatabase target module section of gsmmap.gen.
All other Access-Requests are handled according to the UlticomMapGateway target module section of gsmmap.gen.
Relationship Between Sections
Relationship Between Sections
Figure 15 illustrates the relationship between the [Realms] section, the specific named realm section, and the target module section in the gsmmap.gen file.

Network Equipment and Data Needed for Processing Access-Requests
Network Equipment and Data Needed for Processing Access-Requests
Table 177 identifies the network equipment needed for authentication based on the action needed to process the Access-Request.
Table 177: Network Equipment and Related Settings, Actions, and Identifiers
Setting Name
| Action Needed to Process Access-Request | Identifier of the Mobile Station | Network Equipment |
---|---|---|---|
SIM | Obtain SIM triplets* | IMSI | HLR (supporting MAP application context version 2 or 3) |
AKA | Obtain AKA quintets | IMSI | HLR (supporting MAP application context version 3) |
IMSI | Obtain IMSI (given the MSISDN) | MSISDN | HLR |
MSISDN | Obtain MSISDN (given the IMSI) | IMSI | HLR |
Authorization | Obtain Authorization string | IMSI or MSISDN | HLR or SQL or LDAP database |
* If quintets are received but triplets are needed, the authentication module converts the quintets to triplets according to specification 3G TS 33.102 available at http://www.3gpp.org.
You can set the Setting Name to None if you want to disable the setting. For example, SIM=None.
Example: Authorization String
Example: Authorization String
If an authorization string is required to process an Access-Request, the following might be true:
Authorization string is in the database
IMSI is received in the Access-Request
Database is keyed off the MSISDN
In this case, the Mobile Switching Center (MSC) is used to obtain the MSISDN based on the IMSI. Then the MSISDN is used to retrieve the Authorization string from the database or HLR.
Disabling Authorization from EAP-SIM
Disabling Authorization from EAP-SIM
You can disable authorization completely from EAP-SIM (not fetch subscriber profile information from the HLR and not perform a SQL/LDAP query).
To disable authorization from EAP-SIM:
Set Authorization=None in the realm section of the gsmmap.gen file.
Remove all authorization options (BS, TS, and ODB) from the authGateway.conf file for the target HLR, disable the connection between authGateway and GWrelay applications in the GWrelay.conf file, and disable the connection between SBR Carrier and the GWrelay application in the ulcmmg.conf file. For complete details on the authGateway.conf, GWrelay.conf, and ulcmmg.conf files, see the SBR Carrier Installation Guide.
Target Module Section
Target Module Section
For each target module that you list for a realm, you must create a configuration section that identifies settings to be used for that module. The settings that you must specify depend on the type of module being called. The target modules are described in Table 178.
Table 178: Types of Target Modules
Target Module | Type | Source of Subscriber Information | Default Target Module Name |
---|---|---|---|
MAP Gateway | GSM | HLR | UlticomMapGateway |
SQL Database | Database | SQL database | SQLDatabase |
LDAP Database | Database | LDAP database | LDAPDatabase |
The fields to be included in the target module section differ depending on the specific target module. For example, the MAP Gateway target module section in the gsmmap.gen file requires a different set of fields than the LDAP database target module. Table 179 through Table 182 list the fields required for each target module.
Target Module Fields (General Case)
Target Module Fields (General Case)
Table 179: gsmmap.gen [Module] Fields (General Case)
Field | Description |
---|---|
ModuleType | Specifies the type of module being called. Options are:
|
LibraryName | Specifies the name of the executable binary. |
Required Module VersionNumber | Version number of the specified module. Default value is 1. |
SymbolPrefix | Specifies the prefix for the symbols loaded from the library.
|
InitializationString | Specifies the name of the configuration file for the library. |
RequestTimeoutMs | Specifies the number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the SS7 network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10000 (10 seconds). This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |
MAP Gateway Target Module Fields
MAP Gateway Target Module Fields
Table 180: gsmmap.gen MAP Gateway Module Fields
Field | Configure to This Value |
---|---|
ModuleType | GSM |
LibraryName | library32/libulcmmg.so |
Required Module Version Number | 1 |
SymbolPrefix | ulcm_mg_t_ |
InitializationString | conf/ulcmmg.conf See the ulcmmg.conf file in the SBR Carrier Installation Guide. |
RequestTimeoutMs | Number of milliseconds Steel-Belted Radius Carrier waits for a request from the library to complete. Enter a value that reflects how long the network takes to complete a request. For example, a MAP Gateway communicating with an HLR requires a relatively short timeout value; for example, 10,000 (10 seconds). |
Example of MAP Gateway Target Module Fields
Example of MAP Gateway Target Module Fields
[UlticomMAPGateway] ModuleType=GSM LibraryName=library32/libulcmmg.so RequiredModuleVersionNumber=1 SymbolPrefix=ulcm_mg_t_ InitializationString=conf/ulcmmg.conf RequestTimeoutMs=10000
SQL Database Target Module Fields
SQL Database Target Module Fields
Table 181: gsmmap.gen SQL Database Fields
gsmmap.gen [Database] Field | Configure to This Value |
---|---|
ModuleType | Database This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |
DatabaseAccessor | Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the sqlaccessor.gen or sqlaccessor_jdbc.gen file, see SQL Accessors. This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |
KeyForAuthorization | Specifies whether the subscriber is identified by IMSI or MSISDN (key field). Valid values are:
For more information about setting database keys, see Detailed Use Cases. This parameter is reloaded every time that SBRC receives a SIGHUP (1) signal. |
Example of SQL Database Target Module
Example of SQL Database Target Module
[SQLDatabase] ModuleType=Database DatabaseAccessorMethodName=SQL Accessor KeyForAuthorization=MSISDN
LDAP Database Target Module Fields
LDAP Database Target Module Fields
Table 182: gsmmap.gen LDAP Database Fields
Field | Configure to This Value |
---|---|
ModuleType | Database |
DatabaseAccessor | Name by which the SQL data accessor registers itself with Steel-Belted Radius Carrier. This value must match the value entered in the MethodName setting in the ldapaccessor.gen file, see LDAP Accessor Files). |
KeyForAuthorization | Specifies whether the subscriber is identified by IMSI or MSISDN. Valid values are:
For more information about setting database keys, see Detailed Use Cases. |
Example of LDAP Database Target Module
Example of LDAP Database Target Module
[LDAPDatabase] ModuleType=Database DatabaseAccessorMethodName=LDAP Accessor KeyForAuthorization=IMSI