WARNING: Outer and inner identities are the same. User privacy is compromised.

Matthew Newton matthew at newtoncomputing.co.uk
Sun Jun 4 14:59:56 CEST 2017



On 4 June 2017 12:46:59 BST, "Håvard Steen" <haavardsteen at gmail.com> wrote:
>I have a clean Freeradius install v. 3.0.14, and so far just made a few
>config modifications and generated new certificates. My test user is
>added to users (.../raddb/users).
>
>My task is to set up WPA enterprise. I'm testing with my iPhone, and it
>seems to work fine. But in the 'log' (radiusd -X output) the following
>message appears:
>
>(35) Virtual server inner-tunnel received request
>(35)   EAP-Message = 0x027000061a03
>(35)   FreeRADIUS-Proxied-To = 127.0.0.1
>(35)   User-Name = "byod"
>(35)   State = 0x9197e30a90e7f90d1e18c9ac6236626c
>(35) WARNING: Outer and inner identities are the same.  User privacy is compromised.
>(35) server inner-tunnel {
>(35)   session-state: No cached attributes
>(35)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
>(35)     authorize {
>(35)       policy filter_username {
>(35)
>
>This seems kind of bad, any ideas?

It's a warning to tell you that you are using the real identity for the anonymous identity, so your usernames are easy to find out, e.g. when proxying or by sniffing the network.

-- 
Matthew
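
To see which accounts trigger this warning across a longer `radiusd -X` capture, the following added example (not part of the thread, and not FreeRADIUS code) collects the User-Name of every request that logged it. The sample log is constructed from the excerpt in the question with the e-mail line wrapping undone, and the function name `exposed_identities` is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of `radiusd -X` output, modelled on the excerpt in the question.
SAMPLE_LOG = '''\
(35) Virtual server inner-tunnel received request
(35)   EAP-Message = 0x027000061a03
(35)   FreeRADIUS-Proxied-To = 127.0.0.1
(35)   User-Name = "byod"
(35) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(35) server inner-tunnel {
(36) Virtual server inner-tunnel received request
(36)   User-Name = "alice"
(36) server inner-tunnel {
(37) Virtual server inner-tunnel received request
(37)   User-Name = "byod"
(37) WARNING: Outer and inner identities are the same.  User privacy is compromised.
'''

LINE_RE = re.compile(r'^\((\d+)\)\s+(.*)$')      # "(35)   <body>"
USER_RE = re.compile(r'^User-Name = "(.*)"$')    # attribute line inside a request
WARNING = "Outer and inner identities are the same"


def exposed_identities(log_text):
    """Map each User-Name to the request numbers that logged the warning."""
    user_by_request = {}          # request number -> last User-Name seen for it
    flagged = defaultdict(list)   # User-Name -> request numbers with the warning
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue              # lines without a "(N)" prefix are not request output
        req, body = int(m.group(1)), m.group(2)
        u = USER_RE.match(body)
        if u:
            user_by_request[req] = u.group(1)
        elif WARNING in body:
            # A warning with no preceding User-Name is still reported, under a marker.
            flagged[user_by_request.get(req, "<unknown>")].append(req)
    return dict(flagged)


if __name__ == "__main__":
    for user, reqs in sorted(exposed_identities(SAMPLE_LOG).items()):
        print(f"{user}: real identity sent as outer identity in requests {reqs}")
```

Each name it reports belongs to a supplicant that sends its real username as the outer (anonymous) identity.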


