Hi, A question surfaced recently while I was reworking a configuration: By building 3.0 from source I saw that the upcoming 3.0.11 will be actively logging that anonymous identities should be used* to protect identities. I'm not with eduroam, but try to keep an eye on what participating institutions and others recommend. I see they generally tell users to set one (where possible). The profile data from cat.eduroam.org also contains one. We always recommended students to set an anonymous identity and profiles/config tools given to them would set it for them, but it wasn't actively enforced. If the device wasn't configured for sending an anonymous identity it would still let the device in, if inner-tunnel authentication and authorization requirements passed.** So, what is the current take: Would you / Do you (recommend) enforcing the use of an anonymous identity, resulting in Access-Reject? Do most enduser wireless devices finally support setting an anonymous identity these days? Thanks in advance Mathieu * https://github.com/FreeRADIUS/freeradius-server/commit/ec5cb167dd1de6d3c8e75...