RES: RES: How does CUI works? How does anonymous works? Im lost
Alan DeKok
aland at deployingradius.com
Wed Jun 24 22:53:41 CEST 2020
On Jun 24, 2020, at 4:02 PM, Daniel Guimaraes Pena <daniel.pena at mpdft.mp.br> wrote:
> Talking to a user, I discovered how these outer users appears: configuring androids anonymous identity (obvius, I know, but I never tried it)
Why doesn't Google do the right thing by default <sigh>. It's not like this was documented a decade ago.
> Well, as I can't force them to left this field empty, I have to discover why these 0,1% is not working.
>
> Here is tow logs: working and one not working (at the botton, if needed, my inner-tunnel e default site-enabled)
There's no need to post working logs, or configuration files. They don't help 99.9% of the time.
> ============== DEBUG FOR !!!!NOT WORKING!!!! PACKET ============
> ...
> (11057) Sent Access-Accept Id 148 from 10.34.242.3:1812 to 10.34.27.220:3489 length 0
> (11057) MS-MPPE-Recv-Key = 0xbafc3f0b8b2ee70c827cea2182df7129b67364884f6e0fa5221f8dbbd5ce911c
> (11057) MS-MPPE-Send-Key = 0x70a6a9086da56a737960ddfdc624c60cd5cbcf5de4e547b0691b74df50815224
> (11057) EAP-Message = 0x03090004
> (11057) Message-Authenticator = 0x00000000000000000000000000000000
> (11057) User-Name += "denisson.magalhaes"
That works.
> (11057) Finished request
> (11058) Received Accounting-Request Id 149 from 10.34.27.220:3491 to 10.34.242.3:1813 length 144
> (11058) Acct-Session-Id = "38D550D0-00000013"
> (11058) Acct-Status-Type = Start
> (11058) Acct-Authentic = RADIUS
> (11058) User-Name = "mpdft"
The NAS is ignoring the request to use the User-Name from the Access-Accept. Throw the NAS in the garbage and buy one that works.
i.e. no amount of poking FreeRADIUS will make a broken NAS do the right thing.
Alan DeKok.
More information about the Freeradius-Users
mailing list