Hi, I apologize in advance I know that this is not a question about freeradius server, but here I think I have a better chance to find the answer. I need to check the realm of incoming radius requests and I have setup with EAP-TLS. Android provide a way to specify the anonymous identity and include into it realm value but Apple devices seem to use CN field from cert as username and as anonymous username. So I just want to check with a community that I am correct in my observation that Apple devices use CN as an anonymous identity. Maybe someone can confirm it. Apple documentation saying next about anonymous identity. --- "Optional. This key is only relevant to TTLS, PEAP, and EAP-FAST. This allows the user to hide his or her identity. The userʼs actual name appears only inside the encrypted tunnel. For example, it could be set to ”anonymous” or ”anon”, or ”anon@mycompany.net”. It can increase security because an attacker canʼt see the authenticating userʼs name in the clear. " --- Best regards Vladimir