EAP-TTLS Anonymos Outer Identity
Matthew Newton
mcn at freeradius.org
Tue Sep 10 11:31:52 UTC 2024
On 10/09/2024 12:28, Connor Herring wrote:
> If I'm not mistaken this is set on the client side, however, how would I
> make it so that the anonymous username is sent as the outer identity and
> the real username is then sent as the inner identity? The server is
> functioning fine as it is, the TTLS tunnel gets initiated and by the looks
> of it the username and password are tunnelled within the tunnel and
> authenticated by PAP/MD5.
Supplicants generally have two boxes, one to enter "identity" and the
other to enter "anonymous identity". Identity goes inside the tunnel
(e.g. "user at realm"), anonymous identity (e.g. "@realm") goes in the outer.
It's fully set by the client device, it can't be forced from the server.
If there is no separate anonymous identity setting, then it can't be
changed and both will be the same.
--
Matthew
More information about the Freeradius-Users
mailing list