Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0
Robert Franklin
rcf34 at cam.ac.uk
Mon Jun 2 14:56:19 CEST 2014
On 2 Jun 2014, at 11:41, Rui Ribeiro <ruyrybeyro at gmail.com> wrote:
> About this issue, I remember we having problems in the past with some Android and Linux devices where in the configuration you had to fill up the anonymous login field, or else it would not authenticate if that field was blank.
>
> At that time, I instructed our helpdesk to fill it up with the login of the user.
In this case, the user has not filled in the outer username as anonymous and the phone is just using username at cam.ac.uk (which you can see in the raddebug).
The EAP tunnel doesn't get established as things stop before then, so we haven't even checked the inner username yet.
Our local policy insists that the outer username must either be the inner username OR empty (i.e. "@cam.ac.uk"). We do not allow anything local "anonymous at cam.ac.uk", although that would be rejected later.
[The policy is that you can either keep your identity secret, or disclose it, but you can't send anything misleading, including "anonymous", which we don't special case.]
This issue does got logged with a specific message so we can see it happens. I've never had it reported as an issue, though (it's a Reply-Message, which most users wouldn't see).
- Bob
--
Bob Franklin rcf34 at cam.ac.uk / +44 1223 748479
Networks, University Information Services, University of Cambridge
More information about the Freeradius-Users
mailing list