WARNING: Outer and inner identities are the same. User privacy is compromised.

Alan Buxey alan.buxey at gmail.com
Sun Jun 4 15:39:36 CEST 2017


It's a warning that you might be interested in. As it says: "WARNING:
Outer and inner identities are the same.  User privacy is
compromised." So, if the outer identity, readable by others on the
transit, is the same as the inner (securely tunnelled attribute), then
since the inner ID *is* the ID for authentication, the outer ID contains
that same value, and thus others will know the real userID of the user.
Now, you may not care about privacy/anonymity of the user at remote
locations... If you do, then you should care about this warning and
ensure that the outer ID is e.g. just @realm rather than userid@realm,
or, second best, anonymous@realm for the outer ID.

alan

On 4 June 2017 at 12:46, Håvard Steen <haavardsteen at gmail.com> wrote:
> I have a clean Freeradius install v. 3.0.14, and  so far just made a few
> config modifications and generated new certificates.  My test user is added
> to users (.../raddb/users).
>
> My task is to set up WPA enterprise.  I'm testing with my iPhone, and it
> seems to work fine.  But in the 'log' (radiusd -X output) the following
> message appears:
>
> (35) Virtual server inner-tunnel received request
> (35)   EAP-Message = 0x027000061a03
> (35)   FreeRADIUS-Proxied-To = 127.0.0.1
> (35)   User-Name = "byod"
> (35)   State = 0x9197e30a90e7f90d1e18c9ac6236626c
> (35) WARNING: Outer and inner identities are the same.  User privacy is compromised.
> (35) server inner-tunnel {
> (35)   session-state: No cached attributes
> (35)   # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
> (35)     authorize {
> (35)       policy filter_username {
> (35)
>
> This seems kind of bad, any ideas?

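An added example, not part of the original message or of FreeRADIUS: a Python check that scans `radiusd -X` debug output in the format quoted above, reports which requests raised the warning together with the User-Name that was exposed, and tests whether a candidate outer identity follows the `@realm` / `anonymous@realm` advice. The function names, the realm `example.org` and request 36 in the sample are constructed for illustration.

```python
import re

# Lines of `radiusd -X` output start with the request number in parentheses.
LINE_RE = re.compile(r'^\((\d+)\)\s*(.*)$')
USER_RE = re.compile(r'^User-Name = "(.*)"$')
WARNING_TEXT = "Outer and inner identities are the same"


def exposed_identities(debug_output):
    """Return {request_number: User-Name} for requests that raised the warning."""
    users, flagged = {}, set()
    for raw in debug_output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a per-request debug line
        req, rest = int(m.group(1)), m.group(2)
        u = USER_RE.match(rest)
        if u:
            users[req] = u.group(1)
        elif WARNING_TEXT in rest:
            flagged.add(req)
    return {req: users.get(req) for req in sorted(flagged)}


def outer_hides_user(outer_identity):
    """True if the outer identity is '@realm' or 'anonymous@realm'."""
    local, sep, realm = outer_identity.partition("@")
    return sep == "@" and realm != "" and local.lower() in ("", "anonymous")


# Constructed sample in the format of the quoted log; request 36 is invented.
SAMPLE = '''\
(35) Virtual server inner-tunnel received request
(35)   User-Name = "byod"
(35) WARNING: Outer and inner identities are the same.  User privacy is compromised.
(36) Virtual server inner-tunnel received request
(36)   User-Name = "alice@example.org"
(36) server inner-tunnel {
'''

if __name__ == "__main__":
    for req, user in exposed_identities(SAMPLE).items():
        print(f"request {req}: outer identity exposes user {user!r}")
    for outer in ("byod", "@example.org", "anonymous@example.org"):
        print(outer, "->", "ok" if outer_hides_user(outer) else "exposes user")
```
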

