anonymous user when proxying
Olivier Beytrison
olivier at heliosnet.org
Wed Feb 13 15:52:36 CET 2013
On 13.02.2013 15:46, Hocine M wrote:
> Hi,
>
> Some user who are proxied (eduroam) are acconted with username =
> anonymous at realm
> I don't want to have anonymous user in my database, do i have to reject
> anonymous users in post-proxy section or there is something to do to
> force user to use inner identity?
>
If this is a remote user connected within your institution, and the home
radius does NOT copy the inner identity to the outer tunnel, then you
won't be able to know the real username of the user.
You *could* reject users with an outer identity of anonymous at realm or
just @realm, but you would not be eduroam-compliant anymore.
for ref : https://confluence.terena.org/display/H2eduroam/eduroam+IdP
second section, Anonymous outer identites
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mobile: +41 (0)78 619 73 53
Mail: olivier at heliosnet.org
More information about the Freeradius-Users
mailing list