Question on anonymous identity

Mathieu Simon (Lists) matsimon.lists at
Thu Jan 7 07:11:12 CET 2016


A question surfaced recently while I was reworking a configuration:

By building 3.0 from source I saw that the upcoming 3.0.11 will be
actively logging that anonymous identities should be used* to protect

I'm not with eduroam, but try to keep an eye on what participating
institutions and others recommend. I see they generally tell users to
set one (where possible). The profile data from also
contains one.

We always recommended students to set an anonymous identity and
profiles/config tools given to them would set it for them, but it wasn't
actively enforced. If the device wasn't configured for sending an
anonymous identity it would still let the device in, if inner-tunnel
authentication and authorization requirements passed.**

So, what is the current take: Would you / Do you (recommend) enforcing
the use of an anonymous identity, resulting in Access-Reject?

Do most enduser wireless devices finally support setting an anonymous
identity these days?

Thanks in advance


More information about the Freeradius-Users mailing list