On 13.02.2013 15:46, Hocine M wrote: > Hi, > > Some user who are proxied (eduroam) are acconted with username = > anonymous@realm > I don't want to have anonymous user in my database, do i have to reject > anonymous users in post-proxy section or there is something to do to > force user to use inner identity? >
If this is a remote user connected within your institution, and the home radius does NOT copy the inner identity to the outer tunnel, then you won't be able to know the real username of the user. You *could* reject users with an outer identity of anonymous@realm or just @realm, but you would not be eduroam-compliant anymore. for ref : https://confluence.terena.org/display/H2eduroam/eduroam+IdP second section, Anonymous outer identites Olivier -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mobile: +41 (0)78 619 73 53 Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html