outer identity anonymous is being rejected

Godfrey Peart grpeart at googlemail.com
Tue Feb 10 02:03:18 CET 2009

My FR 2.1 is set to authenticate users via PEAP + EAP-TTLS, this works  fine
but some users are being rejected
 because their wireless client allows the setting of an outer identity:
anonymous or something else, which is not a valid username.
So it's being rejected. How do I get the inner identity which contains a
valid username to be processed instead of the outer identity.
 I've seen some posts about using* Autz-type INNER* options but have merely
succeded in breaking my test system when tryng it out.

At present this is my users file:

#If you are not in either group, no access is allowed
#FreeRADIUS 2.1

#These are the groups we are checking for Lunar Building staff
DEFAULT         Ldap-Group == "lunar-staff"
                       Aruba-User-Role = "employee"

DEFAULT         Ldap-Group == "lunar-member"
                       Aruba-User-Role = "member"

DEFAULT         SQL-Group == "Guests"
                       Aruba-User-Role = "guest"

DEFAULT         Ldap-group != "lunar-staff", Auth-Type := Reject
DEFAULT         Ldap-group != "lunar-member", Auth-Type := Reject

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090210/ae8e79c8/attachment.html>

More information about the Freeradius-Users mailing list