Revisiting June 4, 2017 thread, "WARNING: Outer and inner identities are the same."

Alan Buxey alan.buxey at gmail.com
Thu Dec 21 00:39:01 CET 2017


There's an XML format that is being worked on to hopefully become an IETF
standard with RFC etc. Just waiting for the players to all come to the
table and agree :)

alan


On 20 Dec 2017 8:11 pm, "Brian Julin" <BJulin at clarku.edu> wrote:

>
> MS clients can anonymize the username portion via the "Identity Privacy"
> checkbox.
>
> The problem is getting that and other critical settings onto the client in
> unmanaged
> settings.  MS and Android really need to be pressured into allowing
> installation of
> Apple's mobileconfig files (and Apple into enhancing the mobileconfig a
> bit and restoring
> the UI for use cases where mobileconfigs won't work).  Apple beat them to
> the punch,
> they should just admit it.
>
> But there's too much corporate pride in the way.  They could all provide
> their own
> formats that don't rely on an onerously complicated business suite (AD
> GPO, or "G Suite"
> in Google's case) but I'm not holding my breath for that.
>
> Best case I can actually vidualize happening is that .11u eventually gets
> bells and whistles
> that solve all our problems, once all the WIFi devices that choke up on
> long beacons
> are cutting the bare feet of 6 year old Ghanan scrap harvesters.
>
> ________________________________________
> From: Freeradius-Users <freeradius-users-bounces+bjulin=clarku.edu at lists.
> freeradius.org> on behalf of David Hendricks <dahendricks1 at gmail.com>
> Sent: Wednesday, December 20, 2017 2:40 PM
> To: FreeRadius users mailing list
> Subject: Re: Revisiting June 4, 2017 thread, "WARNING: Outer and inner
> identities are the same."
>
> I see. I notice that a Samsung phone gives a login option for "Anonymous
> identity" that doesn't seem to be provided for a Microsoft client. So we
> need to get on Microsoft, right?
>
> On Wed, Dec 20, 2017 at 2:31 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
> > On Dec 20, 2017, at 2:18 PM, David Hendricks <dahendricks1 at gmail.com>
> > wrote:
> > >
> > > Forgive me. I have the same issue as mentioned in the June 4, 2017
> > archived
> > > thread. It seems to me the issue is explained but not how to fix it.
> > >
> > > Question: Which file must be edited and in which manner to eliminate
> this
> > > warning about user privacy being compromised due to the same outer and
> > > inner identities?
> >
> >   You don't.
> >
> >   Both inner and outer identities are supplied by the user who is
> > authenticating.  You can't (or at least shouldn't) edit them on the
> server.
> >
> >   The warning is there to indicate that the client MAY be misconfigured.
> > The solution is to fix the client, or failing that, ignore the warning.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list