How to Reject Anonymous Identity
aland at deployingradius.com
Fri Nov 2 17:15:33 CET 2018
On Nov 2, 2018, at 12:08 PM, Selahattin Cilek <selahattin_cilek at hotmail.com> wrote:
> I use FreeRADIUS 3.0.17 to provide services on a site. Ever since I
> stepped into the world of RADIUS, I have been dealing with the issue of
> "anonymous" users.
What do you mean by anonymous users?
The normal operation is to only authenticate *known* users. Everyone else is unknown, and un-authenticated.
> I have been abusing the *Class* attribute work around
> the problem, but after some deliberation, I've decided that it would be
> best if I could reject anonymous users right away.
Perhaps there's debug output you could share...
> Currently, this store procedure can check if a user with a given name
> exists in the database, and if not, return *0* to make FreeRADIUS to
> reject access to that user.
The default *is* to reject unknown users. So if your system is allowing unknown users, then it's because of local changes you made to allow that.
> What I'd like to know though is that if there is a better, more elegant
> FreeRADIUSy way of achieving the same goal. For example, would something
> like below work?
If you could describe in more detail what you're doing, we could help.
More information about the Freeradius-Users