ataylor at ulm.edu
Mon Aug 23 22:57:13 CEST 2021
TY for the reply. I didn't think it was changing per say...but I couldn't figure out how "anonymous" was getting in there as I have tried on all my devices I have to test with and none of them send anonymous so I am not sure what combo is causing it. I just wanted to explain what I saw in the first message.
That section you stated below is not in the "inner-tunnel" post-auth site section at all on my server. They are the default files with just what I need non-commented and/or modified.
I forgot to mention the version running is 3.0.16 which is the most up to date version in Ubuntu's repos. Meant to put that in the first email. Sorry about that.
I have two servers running in tandem so the secondary is basically my test system before I push a change to the primary. I wish more people would stop testing on primary production servers. It does cause bad days. :-)
From: Alan DeKok <aland at deployingradius.com>
Sent: Monday, August 23, 2021 3:32 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Cc: Adam Taylor <ataylor at ulm.edu>
Subject: Re: Config Issue
ULM CAUTION! This email was sent from an external sender. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On Aug 23, 2021, at 2:51 PM, Adam Taylor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I have gone around and around with our FreeRadius server and I am at a lost for what is going on.
> The server at some point is replacing the username at ulm.edu (or username at warhawks.ulm.edu) with anonymous at ulm.edu> and saying "Login Ok"
It's not doing that.
> Here is the thing....it's not doing this for every account...it seems to be random. Here is the logs I see when it does it:
> Aug 23 16:08:11 ulm-radius1 radiusd: (8062025) Login OK: [laurencenr at warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67 via TLS tunnel)
> Aug 23 16:08:11 ulm-radius1 radiusd: (8062025) Login OK: [anonymous at warhawks.ulm.edu] (from client wireless port 500 cli F0-1D-BC-AB-35-67)
That means the client is running TTLS or PEAP. You get one log message for the outer session, and another one for the inner one.
> I can't seem to find where\when it is substituting anonymous in. Here is when someone else connects to the same SSID(uses same site config on radius):
It's not substituting "anonymous". The user is *sending* that as their name.
> Aug 23 18:46:45 ulm-radius1 radiusd: (8897019) Login OK: [vuvd at warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A via TLS tunnel)
> Aug 23 18:46:45 ulm-radius1 radiusd: (8897020) Login OK: [vuvd at warhawks.ulm.edu] (from client wireless port 256 cli 30-4B-07-5C-D9-7A)
Because that user is sending "vuvd" for both the outer and inner sessions.
> So what in the world is happening and where is anonymous slipping in from? Since the last login is "Anonymous"...that's what the WiFi controller shows as a user name.
Yes. You can change that by editing sites-enabled/inner-tunnel. Look for the "post-auth" section:
# If you want the Access-Accept to contain the inner
# User-Name, uncomment the following lines.
And uncomment the next few lines.
> I can run debug and output that to you but that file gets HUGE very quickly as the server is production and quite busy. Was hoping someone would know at least where I could look. It's something with the inner/outer tunnels I think...I'm just not sure what/where or why.
It's relatively trivial to set up a test system. Please don't make changes to a production system before testing them. Bad things happen that way.
More information about the Freeradius-Users