"anonymous" user connected to wireless
Alan DeKok
aland at deployingradius.com
Fri Oct 18 12:06:16 UTC 2024
On Oct 18, 2024, at 7:29 AM, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm having a strange problem, for one specific user, wireless system dashboard and radius accounting db show connected username as "anonymous".
That is the User-Name in the RADIUS packets.
> User credentials are stored in database and Calling-Station-Id is used to prevent unauthorized devices from connecting. FreeRADIUS authentication logs are not enabled.
You're likely using PEAP / TTLS, and authenticating the user via the *inner* User-Name. Read the debug logs to see more.
> On DB, user "anonymous" do not exist. The wireless system is configured to authenticate only with FreeRADIUS server. Changing Calling-Station-Id on radius db prevents this system from connecting.
>
> I'm wondering how this is possible and where to check what is causing this.
It's how the protocols work.
You will need to log the inner User-Name for the authentication session. Or, update the Access-Accept to contain Chargeable-User-Identity. See raddb/policy.d/cui
Alan DeKok.
More information about the Freeradius-Users
mailing list