anonymous user when proxying

A.L.M.Buxey at A.L.M.Buxey at
Wed Feb 13 17:09:32 CET 2013


>    Some user who are proxied (eduroam) are acconted with username =
>    anonymous at realm
>    I don't want to have  anonymous user in my database, do i have to reject
>    anonymous users in post-proxy section or there is something to do to force
>    user to use inner identity?

anonymous outer identities are perfectly legal and valid in 802.1X environments
with remote proxying - eg eduroam.

if you block/reject suers who have an anonymous outerID then you are in violation
of eduroam rules . users with JUST  @realm as their outerID are also 100% valid (!)

you need to investigate CUI (Chargeable-User-Identity) as thats EXACTLY what that attribute
is for - to identify users based on something other than their outerID or Calling-Station-Id
(both of which they can change!).


More information about the Freeradius-Users mailing list