Question on anonymous identity

Stefan Winter stefan.winter at restena.lu
Mon Jan 11 08:59:16 CET 2016


Hi,

> Windows Phone (8.1): It's so often-seen one, but it exists. Configuring
> an anonymous identity or CA/common names in the UI on a real Windows
> Phone I've had my hands on: Not available on the UI, same as with iOS.
> 
> In contrast to Apple's way I haven't found a comparable documentation
> how a config file would look like, but only how it can be provisioned via
> MS System Center products... (maybe I'm wrong here, so bear with me)

As much as I know, the config format is pretty much identical to the
Windows Desktop versions:

https://msdn.microsoft.com/en-us/library/windows/desktop/ms706965%28v=vs.85%29.aspx

But the catch here is that the config file will only be *accepted* by
the phone when the device is actually in MDM managed mode. I.e. "just"
sending the config file to an unmanaged device will make it do nothing :-(

That situation may have changed recently... I'd be very happy to be told
I'm wrong :-) eduroam CAT and https://802.1x-config.org could be
equipped with a matching module in no time...

Greetings,

Stefan Winter

> 
> [...]
>>  If the vendor doesn't *default* to anonymous outer identities, please also tell the list.
> 
> In case of iOS (9.2) for example when it isn't explicitly configured
> via a .mobileconfig to use an anonymous identity I haven't seen the
> device not sending the user name in FreeRADIUS debug mode. If it is
> configured by a .mobileconfig I can see the configured anonymous
> identity first, then the user name in the inner-tunnel phase.
> 
> Maybe iOS behaves differently if a realm is appended to the user name,
> this setup I checked against verified AD samaccountname without a realm.
> i.e. eduroam mandates to append a realm from what I found.
> 
> -- Mathieu


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66