Two different user-names while using computer authentification with client certificate

Alan DeKok aland at deployingradius.com
Tue Jan 28 15:54:06 CET 2020


On Jan 28, 2020, at 9:36 AM, uj2.hahn at posteo.de wrote:
> I have a question just for my understanding.
> I installed a Radius client certificate (RadiusClient) on a Win10 client and enabled user authentification
> on this WLAN profile. This all works fine.

  That's good.

> Just for my education I switched the client WLAN profile to computer (!) authentification (instead of user),
> just to see what will happen with freeradius.

  FreeRADIUS just processes packets it receives.  It does NOT create those packets, or any information in them.

> Now the User-Name is the real PC hostname "host/DESKTOP-FLOQN5Q".
> So it seems the outer and the inner tunnel see different User-Names.
> Is this on intention?

  Ask Microsoft how their software works.

  FreeRADIUS just reports on what it sees.  It does not (and can not) cause the Windows system to send different User-Names.

> Any chance to have one User-Name only, e.g. the client certificate name: RadiusClient.

  Ask Microsoft how to configure their software.

  If you receive an email from someone, you're not responsible for the contents.  The sender is responsible.  The same applies here.

  Alan DeKok.




More information about the Freeradius-Users mailing list