"anonymous" user connected to wireless

Alan DeKok aland at deployingradius.com
Wed Oct 23 14:45:01 UTC 2024


On Oct 23, 2024, at 9:26 AM, Eby Mani <eby_km at yahoo.com> wrote:
> User in remote office, only connects wireless in meeting room with customers. User is rarely in office, hence I can't run in debug mode for an indefinite period of time.

  See raddebug.  It's possible to turn on debug mode temporarily.

  But it's not really needed.

> > I explained why it happens, and what you can do to fix it.
> > > You will need to log the inner User-Name for the authentication session. Or, update the Access-Accept to contain Chargeable-User-Identity. See raddb/policy.d/cui
> 
> Above is the only hint you have given.

  I mentioned PEAP / TTLS.  They're authentication protocols which have an "outer" and "inner" identity.

  Go read up on how PEAP and TTLS work.  e.g. Wikipedia, or other places.  This is all explained.

  The "outer" identity here is "anonymous".  The "inner" identity contains the real user name.

>  Now, I'm not clear what you meant by "You will need to log the inner User-Name for the authentication session". 

  Edit sites-enabled/inner-tunnel.  Change it to log the User-Name.

  You should set up a test RADIUS server.  They're free.  Then, use eapol_test to run tests.  See src/tests/eap-ttls-pap.conf

  You can see how things work in a test environment.

  Alan DeKok.
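
An added example, not part of the original message or of FreeRADIUS: once the inner User-Name is logged, sessions that show up as "anonymous" on the wireless side can be attributed to a real user by joining on client MAC and time. Both log formats, the field names (`inner`, `user`, `cli`) and the 30-second window are constructed assumptions.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# Constructed sample, hypothetical format: time, inner User-Name, client MAC.
INNER_LOG = """\
2024-10-23T09:02:11 inner=alice cli=AA-BB-CC-00-00-01
2024-10-23T09:15:40 inner=bob cli=AA-BB-CC-00-00-02
2024-10-23T13:05:02 inner=carol cli=AA-BB-CC-00-00-01
"""

# Constructed sample: sessions as the wireless side reports them (outer identity).
SESSIONS = """\
2024-10-23T09:02:12 user=anonymous cli=aa-bb-cc-00-00-01
2024-10-23T13:05:03 user=anonymous cli=AA-BB-CC-00-00-01
2024-10-23T14:30:00 user=anonymous cli=AA-BB-CC-00-00-02
2024-10-23T14:31:00 user=anonymous cli=AA-BB-CC-00-00-09
"""

def parse(text):
    """Yield one dict per non-empty 'timestamp key=value ...' line."""
    for line in text.splitlines():
        if line.strip():
            stamp, *pairs = line.split()
            rec = dict(p.split("=", 1) for p in pairs)
            rec["time"] = datetime.fromisoformat(stamp)
            rec["cli"] = rec["cli"].upper()  # MAC case differs between devices
            yield rec

def build_index(inner_text):
    """Map each MAC to its inner-tunnel authentications, oldest first."""
    index = {}
    for rec in parse(inner_text):
        index.setdefault(rec["cli"], []).append((rec["time"], rec["inner"]))
    return {mac: sorted(entries) for mac, entries in index.items()}

def resolve(sessions_text, inner_text, window=timedelta(seconds=30)):
    """Attach the inner identity authenticated just before each session starts."""
    index = build_index(inner_text)
    results = []
    for s in parse(sessions_text):
        entries = index.get(s["cli"], [])
        pos = bisect_right([t for t, _ in entries], s["time"])
        inner = None  # stays None when no inner record is close enough
        if pos and s["time"] - entries[pos - 1][0] <= window:
            inner = entries[pos - 1][1]
        results.append((s["time"].isoformat(), s["cli"], inner))
    return results

if __name__ == "__main__":
    print(*resolve(SESSIONS, INNER_LOG), sep="\n")
```

The same MAC resolves to two different users at different times, and a session with no recent inner record stays unresolved instead of inheriting a stale name.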


