Config Issue
Alan DeKok
aland at deployingradius.com
Mon Aug 23 22:31:55 CEST 2021
On Aug 23, 2021, at 2:51 PM, Adam Taylor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I have gone around and around with our FreeRadius server and I am at a loss for what is going on.
>
> The server at some point is replacing the username at ulm.edu (or username at warhawks.ulm.edu) with anonymous at ulm.edu and saying "Login Ok"
It's not doing that.
> Here is the thing....it's not doing this for every account...it seems to be random. Here are the logs I see when it does it:
>
> Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [laurencenr at warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67 via TLS tunnel)
> Aug 23 16:08:11 ulm-radius1 radiusd[17337]: (8062025) Login OK: [anonymous at warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67)
That means the client is running TTLS or PEAP. You get one log message for the outer session, and another one for the inner one.
> I can't seem to find where\when it is substituting anonymous in. Here is when someone else connects to the same SSID(uses same site config on radius):
It's not substituting "anonymous". The user is *sending* that as their name.
> Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897019) Login OK: [vuvd at warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A via TLS tunnel)
> Aug 23 18:46:45 ulm-radius1 radiusd[17337]: (8897020) Login OK: [vuvd at warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A)
Because that user is sending "vuvd" for both the outer and inner sessions.
> So what in the world is happening and where is anonymous slipping in from? Since the last login is "Anonymous"...that's what the WiFi controller shows as a user name.
Yes. You can change that by editing sites-enabled/inner-tunnel. Look for the "post-auth" section:

    #
    # If you want the Access-Accept to contain the inner
    # User-Name, uncomment the following lines.
    #

And uncomment the next few lines.
> I can run debug and output that to you but that file gets HUGE very quickly as the server is production and quite busy. Was hoping someone would know at least where I could look. It's something with the inner/outer tunnels I think...I'm just not sure what/where or why.
It's relatively trivial to set up a test system. Please don't make changes to a production system before testing them. Bad things happen that way.
Alan DeKok.
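
The outer/inner pairing described in the reply above can be checked directly from the auth log. The following is an added example, not part of the original message or of FreeRADIUS itself: it pairs each "via TLS tunnel" line (assumed here to be the inner session) with the next plain "Login OK" line for the same `cli` value and reports where the two identities differ. The log lines are constructed samples in the format quoted above.

```python
import re

# Constructed sample lines in the "Login OK" format quoted in the message
# above (host name, identities and MAC addresses are made up).
SAMPLE_LOG = """\
Aug 23 16:08:11 radius1 radiusd[100]: (101) Login OK: [alice@example.org] (from client wireless port 500 cli 02-00-00-00-00-01 via TLS tunnel)
Aug 23 16:08:11 radius1 radiusd[100]: (101) Login OK: [anonymous@example.org] (from client wireless port 500 cli 02-00-00-00-00-01)
Aug 23 18:46:45 radius1 radiusd[100]: (202) Login OK: [bob@example.org] (from client wireless port 256 cli 02-00-00-00-00-02 via TLS tunnel)
Aug 23 18:46:45 radius1 radiusd[100]: (203) Login OK: [bob@example.org] (from client wireless port 256 cli 02-00-00-00-00-02)
"""

# Identity in brackets, then the client details; the optional trailing
# " via TLS tunnel" is treated as the marker of the inner session (assumption).
LOGIN_OK = re.compile(
    r"Login OK: \[(?P<user>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+) cli (?P<cli>\S+?)"
    r"(?P<inner> via TLS tunnel)?\)"
)


def pair_identities(log_text):
    """Return a list of (cli, inner_identity, outer_identity) tuples."""
    pending_inner = {}  # cli -> inner identity still waiting for its outer line
    pairs = []
    for line in log_text.splitlines():
        m = LOGIN_OK.search(line)
        if not m:
            continue  # not a "Login OK" line
        cli, user = m.group("cli"), m.group("user")
        if m.group("inner"):
            pending_inner[cli] = user
        elif cli in pending_inner:
            pairs.append((cli, pending_inner.pop(cli), user))
    return pairs


def masked_outer(pairs):
    """Keep only the logins whose outer identity differs from the inner one."""
    return [p for p in pairs if p[1] != p[2]]


if __name__ == "__main__":
    for cli, inner, outer in masked_outer(pair_identities(SAMPLE_LOG)):
        print(f"{cli}: inner identity {inner!r}, outer identity {outer!r}")
```

Pairing is done on the `cli` value rather than the request number in parentheses, because the logs quoted above show the two lines of one login carrying either the same number or consecutive ones.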