Revisiting June 4, 2017 thread, "WARNING: Outer and inner identities are the same."

David Hendricks dahendricks1 at gmail.com
Wed Dec 20 20:18:12 CET 2017


Forgive me. I have the same issue as mentioned in the June 4, 2017 archived
thread. It seems to me the issue is explained but not how to fix it.

Question: Which file must be edited and in which manner to eliminate this
warning about user privacy being compromised due to the same outer and
inner identities?

Details: 3.0.15 FreeRADIUS build, in a lab environment. My only edits are
to add a user, add a client, and make fresh certificates. The NAS is an
Aruba 7005 wireless controller. Authentication succeeds if I configure the
client not to validate the certificate, but I see this in the freeradius -X
output:

(7)   authenticate {
(7) eap: Expiring EAP session with state 0xf00edcbdf607c57b
(7) eap: Finished EAP session with state 0xf00edcbdf607c57b
(7) eap: Previous EAP request found for state 0xf00edcbdf607c57b, released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: [eaptls verify] = ok
(7) eap_peap: Done initial handshake
(7) eap_peap: [eaptls process] = ok
(7) eap_peap: Session established.  Decoding tunneled attributes
(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(7) eap_peap: Identity - guest123
(7) eap_peap: Got inner identity 'guest123'
(7) eap_peap: Setting default EAP type for tunneled EAP session
(7) eap_peap: Got tunneled request
(7) eap_peap:   EAP-Message = 0x0209000d016775657374313233
(7) eap_peap: Setting User-Name to guest123
(7) eap_peap: Sending tunneled request to inner-tunnel
(7) eap_peap:   EAP-Message = 0x0209000d016775657374313233
(7) eap_peap:   FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap:   User-Name = "guest123"
(7) Virtual server inner-tunnel received request
(7)   EAP-Message = 0x0209000d016775657374313233
(7)   FreeRADIUS-Proxied-To = 127.0.0.1
(7)   User-Name = "guest123"
(7) WARNING: Outer and inner identities are the same.  User privacy is compromised.
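
Added example, not part of the original post and not FreeRADIUS code: the tunneled EAP-Message value from the debug output above, decoded per the RFC 3748 packet layout, is an EAP-Response/Identity carrying the inner identity. The helper names and the exact string comparison against the outer User-Name are assumptions made for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# Tunneled EAP-Message exactly as printed in the debug output of the post.
SAMPLE_INNER_EAP = "0x0209000d016775657374313233"


def parse_eap(hex_value):
    """Decode one EAP packet: code(1) identifier(1) length(2) [type(1) data]."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # The length field covers the whole packet, header included.
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "type": None, "data": b""}
    if code in (1, 2):  # only Request/Response carry a type byte
        if length < 5:
            raise ValueError("Request/Response without a type byte")
        pkt["type"] = raw[4]
        pkt["data"] = raw[5:length]
    return pkt


def inner_identity(hex_value):
    """Return the identity string if the packet is a Response/Identity, else None."""
    pkt = parse_eap(hex_value)
    if pkt["code"] != "Response" or pkt["type"] != EAP_TYPE_IDENTITY:
        return None
    return pkt["data"].decode("utf-8", errors="replace")


def identities_match(outer_user_name, inner_hex):
    """Assumed check: exact match between outer User-Name and inner identity."""
    inner = inner_identity(inner_hex)
    return inner is not None and inner == outer_user_name


if __name__ == "__main__":
    print(parse_eap(SAMPLE_INNER_EAP))
    # Outer identity equal to the inner one: the condition the warning describes.
    print(identities_match("guest123", SAMPLE_INNER_EAP))
```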

