EAP tunnel username problem
ST Wong (ITSC)
ST at itsc.cuhk.edu.hk
Wed Mar 29 08:30:18 UTC 2023
Seems someone crafted the outer identity to some value different from the inner identity in the EAP client...
Thanks.
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+st=itsc.cuhk.edu.hk at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Tuesday, March 28, 2023 4:01 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: EAP tunnel username problem
On Mar 28, 2023, at 4:45 PM, ST Wong (ITSC) <ST at itsc.cuhk.edu.hk> wrote:
>
> We're running freeRADIUS 3.0.21 for 802.1x authentication. It works all the time. However, we note that occasionally in log entries for successful login, the username logged by default site is different from the real username,e.g.
>
>
> 1. Username changed to "user" while domain part remains unchanged:
>
> Wed Mar 22 17:28:20 2023 : Auth: (23249490) Login OK: [skywalker at mydomain.hk] (from client ctrl01 port 0 via TLS tunnel)
> Wed Mar 22 17:28:20 2023 : Auth: (23249491) Login OK: [user at mydomain.hk] (from client ctrl01 port 0 cli 67A2ED8ECBAF)
Read the debug log to see what the server is doing.
Nothing in in the default configuration does these kinds of edits.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list