On Oct 18, 2024, at 7:29 AM, Eby Mani via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I'm having a strange problem, for one specific user, wireless system dashboard and radius accounting db show connected username as "anonymous".
That is the User-Name in the RADIUS packets.
User credentials are stored in database and Calling-Station-Id is used to prevent unauthorized devices from connecting. FreeRADIUS authentication logs are not enabled.
You're likely using PEAP / TTLS, and authenticating the user via the *inner* User-Name. Read the debug logs to see more.
On DB, user "anonymous" do not exist. The wireless system is configured to authenticate only with FreeRADIUS server. Changing Calling-Station-Id on radius db prevents this system from connecting.
I'm wondering how this is possible and where to check what is causing this.
It's how the protocols work. You will need to log the inner User-Name for the authentication session. Or, update the Access-Accept to contain Chargeable-User-Identity. See raddb/policy.d/cui Alan DeKok.