Hey All, I have gone around and around with our FreeRadius server and I am at a lost for what is going on. The server at some point is replacing the username@ulm.edu<mailto:username@ulm.edu> (or username@warhawks.ulm.edu<mailto:username@warhawks.ulm.edu>) with anonymous@ulm.edu<mailto:anonymous@ulm.edu> and saying "Login Ok" Here is the thing....it's not doing this for every account...it seems to be random. Here is the logs I see when it does it: Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [laurencenr@warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67 via TLS tunnel) Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [anonymous@warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67) I can't seem to find where\when it is substituting anonymous in. Here is when someone else connects to the same SSID(uses same site config on radius): Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897019) Login OK: [vuvd@warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A via TLS tunnel) Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897020) Login OK: [vuvd@warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A) So what in the world is happening and where is anonymous slipping in from? Since the last login is "Anonymous"...that's what the WiFi controller shows as a user name. I can run debug and output that to you but that file gets HUGE very quickly as the server is production and quite busy. Was hoping someone would know at least where I could look. It's something with the inner/outer tunnels I think...I'm just not sure what/where or why. Thanks, Adam Taylor
On Aug 23, 2021, at 2:51 PM, Adam Taylor via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I have gone around and around with our FreeRadius server and I am at a lost for what is going on.
The server at some point is replacing the username@ulm.edu (or username@warhawks.ulm.edu) with anonymous@ulm.edu> and saying "Login Ok"
It's not doing that.
Here is the thing....it's not doing this for every account...it seems to be random. Here is the logs I see when it does it:
Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [laurencenr@warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67 via TLS tunnel) Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [anonymous@warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67)
That means the client is running TTLS or PEAP. You get one log message for the outer session, and another one for the inner one.
I can't seem to find where\when it is substituting anonymous in. Here is when someone else connects to the same SSID(uses same site config on radius):
It's not substituting "anonymous". The user is *sending* that as their name.
Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897019) Login OK: [vuvd@warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A via TLS tunnel) Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897020) Login OK: [vuvd@warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A)
Because that user is sending "vuvd" for both the outer and inner sessions.
So what in the world is happening and where is anonymous slipping in from? Since the last login is "Anonymous"...that's what the WiFi controller shows as a user name.
Yes. You can change that by editing sites-enabled/inner-tunnel. Look for the "post-auth" section: # # If you want the Access-Accept to contain the inner # User-Name, uncomment the following lines. # And uncomment the next few lines.
I can run debug and output that to you but that file gets HUGE very quickly as the server is production and quite busy. Was hoping someone would know at least where I could look. It's something with the inner/outer tunnels I think...I'm just not sure what/where or why.
It's relatively trivial to set up a test system. Please don't make changes to a production system before testing them. Bad things happen that way. Alan DeKok.
TY for the reply. I didn't think it was changing per say...but I couldn't figure out how "anonymous" was getting in there as I have tried on all my devices I have to test with and none of them send anonymous so I am not sure what combo is causing it. I just wanted to explain what I saw in the first message. That section you stated below is not in the "inner-tunnel" post-auth site section at all on my server. They are the default files with just what I need non-commented and/or modified. I forgot to mention the version running is 3.0.16 which is the most up to date version in Ubuntu's repos. Meant to put that in the first email. Sorry about that. I have two servers running in tandem so the secondary is basically my test system before I push a change to the primary. I wish more people would stop testing on primary production servers. It does cause bad days. :-) Thanks, Adam Taylor -----Original Message----- From: Alan DeKok <aland@deployingradius.com> Sent: Monday, August 23, 2021 3:32 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Cc: Adam Taylor <ataylor@ulm.edu> Subject: Re: Config Issue ULM CAUTION! This email was sent from an external sender. Do not click links or open attachments unless you recognize the sender and know the content is safe. On Aug 23, 2021, at 2:51 PM, Adam Taylor via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I have gone around and around with our FreeRadius server and I am at a lost for what is going on.
The server at some point is replacing the username@ulm.edu (or username@warhawks.ulm.edu) with anonymous@ulm.edu> and saying "Login Ok"
It's not doing that.
Here is the thing....it's not doing this for every account...it seems to be random. Here is the logs I see when it does it:
Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [laurencenr@warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67 via TLS tunnel) Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [anonymous@warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67)
That means the client is running TTLS or PEAP. You get one log message for the outer session, and another one for the inner one.
I can't seem to find where\when it is substituting anonymous in. Here is when someone else connects to the same SSID(uses same site config on radius):
It's not substituting "anonymous". The user is *sending* that as their name.
Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897019) Login OK: [vuvd@warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A via TLS tunnel) Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897020) Login OK: [vuvd@warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A)
Because that user is sending "vuvd" for both the outer and inner sessions.
So what in the world is happening and where is anonymous slipping in from? Since the last login is "Anonymous"...that's what the WiFi controller shows as a user name.
Yes. You can change that by editing sites-enabled/inner-tunnel. Look for the "post-auth" section: # # If you want the Access-Accept to contain the inner # User-Name, uncomment the following lines. # And uncomment the next few lines.
I can run debug and output that to you but that file gets HUGE very quickly as the server is production and quite busy. Was hoping someone would know at least where I could look. It's something with the inner/outer tunnels I think...I'm just not sure what/where or why.
It's relatively trivial to set up a test system. Please don't make changes to a production system before testing them. Bad things happen that way. Alan DeKok.
On Aug 23, 2021, at 4:57 PM, Adam Taylor <ataylor@ulm.edu> wrote:
TY for the reply. I didn't think it was changing per say...but I couldn't figure out how "anonymous" was getting in there as I have tried on all my devices I have to test with and none of them send anonymous so I am not sure what combo is causing it.
Again, the device is sending it. Because the device is configured to send it. No amount of poking FreeRADIUS will change this behaviour.
That section you stated below is not in the "inner-tunnel" post-auth site section at all on my server. They are the default files with just what I need non-commented and/or modified.
You can download the latest version from GitHub: https://github.com/FreeRADIUS/freeradius-server/
I forgot to mention the version running is 3.0.16 which is the most up to date version in Ubuntu's repos. Meant to put that in the first email. Sorry about that.
Install the *real* up to date packages from http://packages.networkradius.cok Alan DeKok.
participants (2)
-
Adam Taylor -
Alan DeKok