On 4 June 2017 12:46:59 BST, "Håvard Steen" <haavardsteen@gmail.com> wrote:
I have a clean Freeradius install v. 3.0.14, and so far just made a few config modifications and generated new certificates. My test user is added to users (.../raddb/users).
My task is to set up WPA enterprise. I'm testing with my iPhone, and it seems to work fine. But in the 'log' (radiusd -X output) the following
message appears:
(35) Virtual server inner-tunnel received request (35) EAP-Message = 0x027000061a03 (35) FreeRADIUS-Proxied-To = 127.0.0.1 (35) User-Name = "byod" (35) State = 0x9197e30a90e7f90d1e18c9ac6236626c (35) WARNING: Outer and inner identities are the same. User privacy is
compromised. (35) server inner-tunnel { (35) session-state: No cached attributes (35) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (35) authorize { (35) policy filter_username { (35)
This seems kind of bad, any ideas?
It's a warning to tell you that you are using the real identity for the anonymous identity, so your usernames are easy to find out, e.g. when proxying or by sniffing the network. -- Matthew