anonymous user when proxying

Olivier Beytrison olivier at heliosnet.org
Wed Feb 13 15:52:36 CET 2013


On 13.02.2013 15:46, Hocine M wrote:
> Hi,
> 
> Some user who are proxied (eduroam) are acconted with username =
> anonymous at realm
> I don't want to have  anonymous user in my database, do i have to reject
> anonymous users in post-proxy section or there is something to do to
> force user to use inner identity?
> 

If this is a remote user connected within your institution, and the home
radius does NOT copy the inner identity to the outer tunnel, then you
won't be able to know the real username of the user.

You *could* reject users with an outer identity of anonymous at realm or
just @realm, but you would not be eduroam-compliant anymore.

for ref : https://confluence.terena.org/display/H2eduroam/eduroam+IdP
second section, Anonymous outer identites

Olivier
-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mobile: +41 (0)78 619 73 53
 Mail: olivier at heliosnet.org


More information about the Freeradius-Users mailing list