Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0

Robert Franklin rcf34 at
Mon Jun 2 14:56:19 CEST 2014

On 2 Jun 2014, at 11:41, Rui Ribeiro <ruyrybeyro at> wrote:

> About this issue, I remember we having problems in the past with some Android and Linux devices where in the configuration you had to fill up the anonymous login field, or else it would not authenticate if that field was blank. 
> At that time, I instructed our helpdesk to fill it up with the login of the user.

In this case, the user has not filled in the outer username as anonymous and the phone is just using username at (which you can see in the raddebug).

The EAP tunnel doesn't get established as things stop before then, so we haven't even checked the inner username yet.

Our local policy insists that the outer username must either be the inner username OR empty (i.e. "").  We do not allow anything local "anonymous at", although that would be rejected later.

[The policy is that you can either keep your identity secret, or disclose it, but you can't send anything misleading, including "anonymous", which we don't special case.]

This issue does got logged with a specific message so we can see it happens.  I've never had it reported as an issue, though (it's a Reply-Message, which most users wouldn't see).

  - Bob

Bob Franklin   rcf34 at / +44 1223 748479
Networks, University Information Services, University of Cambridge

More information about the Freeradius-Users mailing list