filter anonymous identity

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Mon May 25 19:28:26 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ivan Kalik wrote:
>> Hello, on radius 1.1.x I have some users autenticating using an
>> outer identity. This is annoying to me because in the radius.log
>> file I cannot identify easily who is the real user autenticating,
>>  since outer identity can be anything. How can I forbid in
>> freeradius configuration to use an outer identity or anonymous ?
>> I wish to forbid autentications which uses an outer identity.
>> howto have control over it ?
>
> You can't stop them using anonimous outer identity. You should copy
> inner identity and send it in Access-Accept. Upgrade. It's easy in
> current version.
>
> Ivan Kalik Kalik Informatika ISP
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
In freeradius 2.* insert

if("%{outer.request:User-Name}" != "%{User-Name}){
    reject
}

Into the inner server.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoa1ToACgkQcaklux5oVKK94ACfY733EzLC/6I1BEuUin7hI2wo
uh4An1jq9oa9dNIJG4nnhikZXMaO1d+p
=phr8
-----END PGP SIGNATURE-----




More information about the Freeradius-Users mailing list