its a warning that you might be interested in - as it says '"WARNING: Outer and inner identities are the same. User privacy is compromised." - so, if the outer, readable by others on the transit, identity is the same as the inner (securely tunnelled attribute), then since the inner ID *is* the ID for authentication, then the outer ID contains that same value and thus others will know the real userID of the user. now, you may not care about privacy/anonymity of the user at remote locations...if you do then you should care about this warning and ensure that the outer ID is eg just @realm rather than userid@realm - or, second best anonymous@realm for the outerID alan On 4 June 2017 at 12:46, HÃ¥vard Steen <haavardsteen@gmail.com> wrote:
I have a clean Freeradius install v. 3.0.14, and so far just made a few config modifications and generated new certificates. My test user is added to users (.../raddb/users).
My task is to set up WPA enterprise. I'm testing with my iPhone, and it seems to work fine. But in the 'log' (radiusd -X output) the following message appears:
(35) Virtual server inner-tunnel received request (35) EAP-Message = 0x027000061a03 (35) FreeRADIUS-Proxied-To = 127.0.0.1 (35) User-Name = "byod" (35) State = 0x9197e30a90e7f90d1e18c9ac6236626c (35) WARNING: Outer and inner identities are the same. User privacy is compromised. (35) server inner-tunnel { (35) session-state: No cached attributes (35) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel (35) authorize { (35) policy filter_username { (35)
This seems kind of bad, any ideas? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html