If I understand you correctly... are you looking to associate a user directly to a device they own (PDA, laptop, etc.)?
If so, I think the challenge would be how to control whether the outer identity can be changed by the user. If I were a bad guy, I'd just impersonate someone else, and just change the outer identity as appropriate. If I were a good guy and needed to attach to the network on someone else's device, I would just enter my information as appropriate. Either way, I wouldn't take it as a reliable indicator of who is using what.

Having said that, I'm sorry to say that I wouldn't know how to do it without research.

-Steve

On Nov 11, 2010, at 11:31 AM, Johnson, Neil M wrote:

Because I want to make sure that the RADIUS accounting logs reflect the user's real identity for forensic purposes.

-Neil

--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
[email protected]

> -----Original Message-----
> From: Alan Buxey [mailto:[email protected]]
> Sent: Thursday, November 11, 2010 10:25 AM
> To: Johnson, Neil M
> Cc: [email protected]
> Subject: Re: [RADIATOR] EAP Forcing outer identity to match inner identity
>
> Hi,
>
> Does anyone have suggestion on how to reject a user if their outer
> identity doesn't match their inner identity?
>
> why should it? that's why the outerid can be anonymous (granted, Windows have only
> just added that feature in Vista and 7 - but anonymous outer ID has been in most
> EAP clients for a long time.) by enforcing this you force people to put their real
> ID into the open outer id and thus tell remote places who they are. that shouldn't
> be the concern of the remote site - the home site cares because they are the ones
> that authenticate you and validate you.
>
> alan

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
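The comparison discussed in this thread, as an added example (not from any poster and not Radiator configuration): it checks an outer identity against the authenticated inner identity, optionally tolerating an anonymous outer ID in the same realm, and returns the inner identity as the name to record. The function names, the `example.edu` realm and the case-insensitive username comparison are assumptions made for illustration.

```python
from enum import Enum


class Verdict(Enum):
    MATCH = "outer equals inner"
    ANONYMOUS_OK = "anonymous outer, same realm"
    REJECT = "reject"


def split_identity(identity):
    """Split 'user@realm' on the last '@'; a bare name has an empty realm."""
    identity = identity.strip()
    if "@" in identity:
        user, realm = identity.rsplit("@", 1)
    else:
        user, realm = identity, ""
    # Assumption: usernames are compared case-insensitively, like realms.
    return user.lower(), realm.lower()


def check_identities(outer, inner, allow_anonymous=True):
    """Compare the cleartext outer identity with the tunnelled inner one."""
    o_user, o_realm = split_identity(outer)
    i_user, i_realm = split_identity(inner)
    if not i_user:
        return Verdict.REJECT          # no authenticated name to compare
    if o_realm != i_realm:
        return Verdict.REJECT          # outer routes to a different realm
    if o_user == i_user:
        return Verdict.MATCH
    if allow_anonymous and o_user in ("", "anonymous"):
        return Verdict.ANONYMOUS_OK    # privacy-preserving outer ID
    return Verdict.REJECT              # outer names a different user


def name_for_accounting(outer, inner, allow_anonymous=True):
    """Name to log for forensics: the inner identity, or None on reject."""
    if check_identities(outer, inner, allow_anonymous) is Verdict.REJECT:
        return None
    return inner.strip()


if __name__ == "__main__":
    # Constructed sample pairs (outer, inner).
    samples = [
        ("neil@example.edu", "neil@example.edu"),
        ("anonymous@example.edu", "neil@example.edu"),
        ("alice@example.edu", "neil@example.edu"),
    ]
    for outer, inner in samples:
        print(outer, inner, check_identities(outer, inner).name)
```

With `allow_anonymous=False` the check becomes the strict match asked for in the original question; the default keeps the anonymous outer ID that the quoted reply argues for.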
