Question on anonymous identity

Stefan Winter stefan.winter at
Mon Jan 11 08:59:16 CET 2016


> Windows Phone (8.1): It's so often-seen one, but it exists. Configuring
> an anonymous identity or CA/common names in the UI on a real Windows
> Phone I've had my hands on: Not available on the UI, same as with iOS.
> In contrast to Apple's way I haven't found a compareable documentation
> how a config file woud look like, but only how it can be provisioned via
> MS System Center products... (maybe I'm wrong here, so bare with me)

As much as I know, the config format is pretty much identical to the
Windows Desktop versions:

But the catch here is that the config file will only be *accepted* by
the phone when the device is actually in MDM managed mode. I.e. "just"
sending the config file to an unmanaged device will make it do nothing :-(

That situation may have changed recently... I'd be very happy to be told
I'm wrong :-) eduroam CAT and could be
equipped with a matching module in no time...


Stefan Winter

> [...]
>>  If the vendor doesn't *default* to anonymous outer identities, please also tell the list.
> In case of iOS (9.2) for example when it isn't explicitely configured
> via a .mobileconfig to use an anonymous identity I haven't seen the
> device not sending the user name in FreeRADIUS debug mode. If it is
> configured by a .mobileconfig I can see the configured anonymous
> identity first, then the user name in the inner-tunnel phase.
> Maybe iOS behaves differently if a realm is appended to the user name,
> this setup I checkd against verified AD samaccountname without a realm.
> i.e. eduroam mandates to append a realm from what I found.
> -- Mathieu
> -
> List info/subscribe/unsubscribe? See

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list