[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Revisiting June 4, 2017 thread, "WARNING: Outer and inner identities are the same."
From:       Alan Buxey <alan.buxey () gmail ! com>
Date:       2017-12-20 23:39:01
Message-ID: CAOVYXj885FUpc88r1SgXVkYJU5y7KzXQsFGARbPRY7arBYUw2g () mail ! gmail ! com
[Download RAW message or body]

There's an XML format that is being worked on to hopefully become an IETF
standard with RFC etc. Just waiting for the players to all come to the
table and agree :)

alan


On 20 Dec 2017 8:11 pm, "Brian Julin" <BJulin@clarku.edu> wrote:

>
> MS clients can anonymize the username portion via the "Identity Privacy"
> checkbox.
>
> The problem is getting that and other critical settings onto the client in
> unmanaged
> settings.  MS and Android really need to be pressured into allowing
> installation of
> Apple's mobileconfig files (and Apple into enhancing the mobileconfig a
> bit and restoring
> the UI for use cases where mobileconfigs won't work).  Apple beat them to
> the punch,
> they should just admit it.
>
> But there's too much corporate pride in the way.  They could all provide
> their own
> formats that don't rely on an onerously complicated business suite (AD
> GPO, or "G Suite"
> in Google's case) but I'm not holding my breath for that.
>
> Best case I can actually vidualize happening is that .11u eventually gets
> bells and whistles
> that solve all our problems, once all the WIFi devices that choke up on
> long beacons
> are cutting the bare feet of 6 year old Ghanan scrap harvesters.
>
> ________________________________________
> From: Freeradius-Users <freeradius-users-bounces+bjulin=clarku.edu@lists.
> freeradius.org> on behalf of David Hendricks <dahendricks1@gmail.com>
> Sent: Wednesday, December 20, 2017 2:40 PM
> To: FreeRadius users mailing list
> Subject: Re: Revisiting June 4, 2017 thread, "WARNING: Outer and inner
> identities are the same."
>
> I see. I notice that a Samsung phone gives a login option for "Anonymous
> identity" that doesn't seem to be provided for a Microsoft client. So we
> need to get on Microsoft, right?
>
> On Wed, Dec 20, 2017 at 2:31 PM, Alan DeKok <aland@deployingradius.com>
> wrote:
>
> > On Dec 20, 2017, at 2:18 PM, David Hendricks <dahendricks1@gmail.com>
> > wrote:
> > >
> > > Forgive me. I have the same issue as mentioned in the June 4, 2017
> > archived
> > > thread. It seems to me the issue is explained but not how to fix it.
> > >
> > > Question: Which file must be edited and in which manner to eliminate
> this
> > > warning about user privacy being compromised due to the same outer and
> > > inner identities?
> >
> >   You don't.
> >
> >   Both inner and outer identities are supplied by the user who is
> > authenticating.  You can't (or at least shouldn't) edit them on the
> server.
> >
> >   The warning is there to indicate that the client MAY be misconfigured.
> > The solution is to fix the client, or failing that, ignore the warning.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]