Problem with Anonymous Identity
aland at deployingradius.com
Sat Jul 10 15:04:52 CEST 2021
On Jul 10, 2021, at 6:36 AM, Vincent 珉 Hua 华 <vincenthua at hotmail.com> wrote:
> We are on FreeRADIUS v.3.0.19 with MYSQL. When Anonymous Identity is configured on the client for PEAP authentication, it will fail.
Anonymous identity is for the *outer* authentication session. Not the inner-tunnel.
> Server log (please see below) shows
We need the FULL DEBUG OUTPUT.
> that the RADIUS service didn’t use the real username when comparing the username and password. Instead, the Anonymous Identity was used to compare against the database which caused the authentication to fail. However, if we do not use the Anonymous Identity, then it will pass.
You've completely misunderstood how RADIUS works.
The *client* is sending the identities. FreeRADIUS just received them. So it's wrong to say "the RADIUS server doesn't use...". It's really "the RADIUS server doesn't RECEIVE ..."
Which puts the blame where it belongs: the client.
Of course, it's possible that you edited the default configuration and broke things. But we don't know that, because you didn't say what you did, and you didn't post the full debug output.
> Does anyone know how to authenticate with Anonymous Identity configured?
Configure the client properly. Post the FULL DEBUG OUTPUT.
> I have a portion of the log below for your reference. “aIdentity” is the configured Anonymous Identity and “test” is the real username.
> Thanks in advance! Any help or hint would be greatly appreciated!
All of the documentation say POST THE FULL DEBUG OUTPUT. I have no idea why people ignore that.
More information about the Freeradius-Users