freeradius seeing anonymous identity as username
sebastian buettrich
sebastian at less.dk
Thu Jul 11 10:39:55 CEST 2013
hello all,
not really a problem, just a question out of interest:
i m reconfiguring a freeradius server for eduroam and extended use of
rlm_perl for all kinds of fun stuff,
and when testing, i notice that all requests containing an anonymous
identity
@mydomain.org
(regardless of where they come from, a real AP or local eapol_test)
appear to freeradius as User-Name, i.e.
freeradius does not make a difference (?) between
anon identity
and
username
is this expected behaviour, the way anonymous identities are
implemented,
or a sign of some misconfiguration,
e.g. someone trying to take care of something that really should just be
passed on?
it seems to happen before any site configurations are being processed -
see debug output and log below.
it doesnt do any damage .. just wondering.
thanks everybody on the list for sharing,
cheers,
sebastian
======================================================================
output of radiusd -Xx
--------------------------------
Thu Jul 11 10:23:40 2013 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 39508, id=0,
length=125
User-Name = "@mydomain.org"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "CA-FF-EE-00-00"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
...
Thu Jul 11 10:23:43 2013 : Info: # Executing section authorize from
file /etc/raddb/sites-enabled/default
Thu Jul 11 10:23:43 2013 : Info: +- entering group authorize {...}
Thu Jul 11 10:23:43 2013 : Info: ++[preprocess] returns ok
log file:
--------------------------------
Thu Jul 11 10:28:37 2013 : Auth: Login OK: [username/<via Auth-Type =
EAP>] (from client local port 0 via TLS tunnel)
Thu Jul 11 10:28:37 2013 : Auth: Login OK: [@mydomain.org/<via Auth-Type
= EAP>] (from client local port 0 cli CA-FF-EE-00-00)
More information about the Freeradius-Users
mailing list