Revisiting June 4, 2017 thread, "WARNING: Outer and inner identities are the same."

Brian Julin BJulin at
Wed Dec 20 21:11:35 CET 2017

MS clients can anonymize the username portion via the "Identity Privacy" checkbox.

The problem is getting that and other critical settings onto the client in unmanaged
settings.  MS and Android really need to be pressured into allowing installation of
Apple's mobileconfig files (and Apple into enhancing the mobileconfig a bit and restoring
the UI for use cases where mobileconfigs won't work).  Apple beat them to the punch,
they should just admit it.

But there's too much corporate pride in the way.  They could all provide their own
formats that don't rely on an onerously complicated business suite (AD GPO, or "G Suite"
in Google's case) but I'm not holding my breath for that.

Best case I can actually vidualize happening is that .11u eventually gets bells and whistles
that solve all our problems, once all the WIFi devices that choke up on long beacons
are cutting the bare feet of 6 year old Ghanan scrap harvesters.

From: Freeradius-Users < at> on behalf of David Hendricks <dahendricks1 at>
Sent: Wednesday, December 20, 2017 2:40 PM
To: FreeRadius users mailing list
Subject: Re: Revisiting June 4, 2017 thread, "WARNING: Outer and inner identities are the same."

I see. I notice that a Samsung phone gives a login option for "Anonymous
identity" that doesn't seem to be provided for a Microsoft client. So we
need to get on Microsoft, right?

On Wed, Dec 20, 2017 at 2:31 PM, Alan DeKok <aland at>

> On Dec 20, 2017, at 2:18 PM, David Hendricks <dahendricks1 at>
> wrote:
> >
> > Forgive me. I have the same issue as mentioned in the June 4, 2017
> archived
> > thread. It seems to me the issue is explained but not how to fix it.
> >
> > Question: Which file must be edited and in which manner to eliminate this
> > warning about user privacy being compromised due to the same outer and
> > inner identities?
>   You don't.
>   Both inner and outer identities are supplied by the user who is
> authenticating.  You can't (or at least shouldn't) edit them on the server.
>   The warning is there to indicate that the client MAY be misconfigured.
> The solution is to fix the client, or failing that, ignore the warning.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> list/users.html
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list