Problem with Anonymous Identity

[Alan DeKok]

On Jul 10, 2021, at 6:36 AM, Vincent 珉 Hua 华 <vincenthua at hotmail.com> wrote:
> We are on FreeRADIUS v.3.0.19 with MYSQL. When Anonymous Identity is configured on the client for PEAP authentication, it will fail.

  Anonymous identity is for the *outer* authentication session.  Not the inner-tunnel.

> Server log (please see below) shows

  Nothing useful.

  Read http://wiki.freeradius.org/list-help

  We need the FULL DEBUG OUTPUT.

> that the RADIUS service didn’t use the real username when comparing the username and password. Instead, the Anonymous Identity was used to compare against the database which caused the authentication to fail. However, if we do not use the Anonymous Identity, then it will pass.

  You've completely misunderstood how RADIUS works.

  The *client* is sending the identities.  FreeRADIUS just received them.  So it's wrong to say "the RADIUS server doesn't use...".  It's really "the RADIUS server doesn't RECEIVE ..."

  Which puts the blame where it belongs: the client.

  Of course, it's possible that you edited the default configuration and broke things.  But we don't know that, because you didn't say what you did, and you didn't post the full debug output.

> Does anyone know how to authenticate with Anonymous Identity configured?

  Configure the client properly.  Post the FULL DEBUG OUTPUT.

> I have a portion of the log below for your reference. “aIdentity” is the configured Anonymous Identity and “test” is the real username.
> 
> Thanks in advance! Any help or hint would be greatly appreciated!

  All of the documentation say POST THE FULL DEBUG OUTPUT.  I have no idea why people ignore that.

  Alan DeKok.