SGSN rejects GMM Attach if HLR has the subscriber but no auth tokens

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Neels Hofmeyr nhofmeyr at sysmocom.de
Sat Nov 11 18:20:42 UTC 2017


I found an interesting situation while trying to find the minimal
network-in-the-box installation with the new split components:

For CS, the MSC/VLR happily accept a subscriber that has no auth tokens in the
HLR, as long as the IMSI is present in the HLR and authentication is set to
optional.

For PS, the SGSN on auth policy remote naturally asks the HLR for auth tuples
for the subscriber. The HLR then finds the IMSI all right, but no 2G nor 3G auth
tokens, and says so to the SGSN. That leads to total rejection:

HLR:
DLINP <0006> ../../../src/libosmo-abis/src/input/ipa.c:383 connected read/write
DLINP <0006> ../../../src/libosmo-abis/src/input/ipa.c:338 message received    
DAUC <0003> ../../../src/osmo-hlr/src/db_auc.c:127 IMSI='901700000014701': No 2G Auth Data
DAUC <0003> ../../../src/osmo-hlr/src/db_auc.c:163 IMSI='901700000014701': No 3G Auth Data

SGSN:
<000f> ../../../../src/osmo-sgsn/src/gprs/gprs_subscriber.c:493 SUBSCR(901700000014701) GPRS send auth info req failed, GMM cause = 'Network failure' (17)
<0002> ../../../../src/osmo-sgsn/src/gprs/sgsn_auth.c:236 MM(901700000014701/ccb050ce) Missing auth tuples, authorization not possible
<0002> ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:1140 MM(901700000014701/ccb050ce) Not authorized, rejecting ATTACH REQUEST with cause 'Network failure' (17)
<0002> ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:491 MM(901700000014701/ccb050ce) <- GPRS ATTACH REJECT: Network failure

It appears that in the SGSN, I either have to accept all IMSIs or also have
auth tokens for each IMSI in the HLR. There's apparently no way to just accept
IMSIs (without cryptographic auth) as long as the IMSIs exist in the HLR.

In production networks, we usually have auth tokens for each SIM, but in open /
community networks, IIUC operating without auth+ciph is an important option in
Osmocom. It appears to me that we should support this case.

Or do we already support it by issuing accept-all policy, and rely on the
subscriber being rejected by the MSC before establishing GMM? (In that case we
can't use the HLR at all, i.e. not for other IMSIs where we'd know auth tokens.)

What do you guys think? Should we open an issue on it?
Related: I'm often confused by the SGSN auth code and have wished before that
it were a well-defined FSM instead... like the libvlr...

~N
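
Added example, not part of the original message and not Osmocom project code: a small log correlator that ties each SGSN attach reject back to the HLR's "No 2G/3G Auth Data" lines, so a 'Network failure' (17) reject caused by missing auth tokens can be told apart from other rejects. The regular expressions are derived only from the log lines quoted above; the second IMSI and its reject line are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample input: HLR and SGSN log lines quoted in the message above,
# plus one constructed reject for a second IMSI (001010000000001) that has no
# matching HLR line.
HLR_LOG = """\
DAUC <0003> ../../../src/osmo-hlr/src/db_auc.c:127 IMSI='901700000014701': No 2G Auth Data
DAUC <0003> ../../../src/osmo-hlr/src/db_auc.c:163 IMSI='901700000014701': No 3G Auth Data
"""
SGSN_LOG = """\
<0002> ../../../../src/osmo-sgsn/src/gprs/sgsn_auth.c:236 MM(901700000014701/ccb050ce) Missing auth tuples, authorization not possible
<0002> ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:1140 MM(901700000014701/ccb050ce) Not authorized, rejecting ATTACH REQUEST with cause 'Network failure' (17)
<0002> ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:1140 MM(001010000000001/deadbeef) Not authorized, rejecting ATTACH REQUEST with cause 'Network failure' (17)
"""

NO_AUTH = re.compile(r"IMSI='(\d+)': No ([23]G) Auth Data")
REJECT = re.compile(r"MM\((\d+)/[0-9a-f]+\) Not authorized, rejecting ATTACH REQUEST "
                    r"with cause '([^']+)' \((\d+)\)")

def missing_auth(hlr_log):
    """Map IMSI -> set of generations ('2G', '3G') the HLR reported no auth data for."""
    gaps = defaultdict(set)
    for m in NO_AUTH.finditer(hlr_log):
        gaps[m.group(1)].add(m.group(2))
    return gaps

def explain_rejects(hlr_log, sgsn_log):
    """Return (imsi, gmm_cause, verdict) for every rejected GPRS attach in the SGSN log."""
    gaps = missing_auth(hlr_log)
    out = []
    for m in REJECT.finditer(sgsn_log):
        imsi, cause = m.group(1), int(m.group(3))
        # Only when the HLR lacks both 2G and 3G data is the reject attributed to it.
        if gaps.get(imsi) == {"2G", "3G"}:
            verdict = "HLR has no 2G/3G auth data for IMSI"
        else:
            verdict = "not explained by HLR log"
        out.append((imsi, cause, verdict))
    return out

if __name__ == "__main__":
    for row in explain_rejects(HLR_LOG, SGSN_LOG):
        print(*row)
```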