How to Reject Anonymous Identity

Alan DeKok aland at
Fri Nov 2 17:15:33 CET 2018

On Nov 2, 2018, at 12:08 PM, Selahattin Cilek <selahattin_cilek at> wrote:
> I use FreeRADIUS 3.0.17 to provide services on a site. Ever since I 
> stepped into the world of RADIUS, I have been dealing with the issue of 
> "anonymous" users.

  What do you mean by anonymous users?

  The normal operation is to only authenticate *known* users.  Everyone else is unknown, and un-authenticated.

> I have been abusing the *Class* attribute work around 
> the problem, but after some deliberation, I've decided that it would be 
> best if I could reject anonymous users right away.

  Perhaps there's debug output you could share...

> Currently, this store procedure can check if a user with a given name 
> exists in the database, and if not, return *0* to make FreeRADIUS to 
> reject access to that user.

  The default *is* to reject unknown users.  So if your system is allowing unknown users, then it's because of local changes you made to allow that.

> What I'd like to know though is that if there is a better, more elegant 
> FreeRADIUSy way of achieving the same goal. For example, would something 
> like below work?

  If you could describe in more detail what you're doing, we could help.

  Alan DeKok.

More information about the Freeradius-Users mailing list