FreeRadius unauthorized access

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Sat Feb 1 20:37:01 CET 2014


>If the outer identity name is not valid >then why does FR log "Login OK" 
>and under what situation would I see >one without the other?

Because the outer id means nothing really.  You can't really trust it as it can be manipulated.  In most systems is just used to get the request to the correct RADIUS for authentication. ... The server that the client expects to be talking to/trusts. If you don't like your current visibility then use linelog and log the inner/outer on your own chosen logging format. 

>Is it possible to set the inner/outer >identity to be different just 
>using a regular client OS?

In all modern OSes yes.  Certainly.  This question suggests that you haven't looked at the client end of the system?

alan
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140201/4b406f89/attachment.html>


More information about the Freeradius-Users mailing list