EAP-TTLS Anonymos Outer Identity
Connor Herring
connorrjherring at gmail.com
Tue Sep 10 11:39:47 UTC 2024
Hi Matthew,
I had a hunch it may be client side so thank you for confirming. How would
you make the server react in the correct way to that though? Or could you
at least point me in the right direction?
For example if I attempt on Windows I can set both of these things but
whenever I actually attempt the authentication the server just states that
the login was incorrect.
Kind regards,
Connor
On Tue, Sep 10, 2024 at 12:32 PM Matthew Newton via Freeradius-Users <
freeradius-users at lists.freeradius.org> wrote:
>
>
> On 10/09/2024 12:28, Connor Herring wrote:
> > If I'm not mistaken this is set on the client side, however, how would I
> > make it so that the anonymous username is sent as the outer identity and
> > the real username is then sent as the inner identity? The server is
> > functioning fine as it is, the TTLS tunnel gets initiated and by the
> looks
> > of it the username and password are tunnelled within the tunnel and
> > authenticated by PAP/MD5.
>
> Supplicants generally have two boxes, one to enter "identity" and the
> other to enter "anonymous identity". Identity goes inside the tunnel
> (e.g. "user at realm"), anonymous identity (e.g. "@realm") goes in the outer.
>
> It's fully set by the client device, it can't be forced from the server.
> If there is no separate anonymous identity setting, then it can't be
> changed and both will be the same.
>
> --
> Matthew
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list