Stefan Winter wrote: > > The thing about anonymous outer identity is that it doesn't matter what you > put in there. If your real name is "iamcool" and your password > is "evencooler" you can happily send "foobar" as Identity. Authentication > will only depend on what's inside the tunneled PAP request. Most supplicants > allow to specify the outer identity to your liking. > That said, there is one exception: if you are using roaming, the realm part > of > the username must be the correct one, otherwise the request can't be routed > to the correct server. >
"Most supplicants". So there's a chance that a supplicant might not do so? Is the Identity in the EAP-Message in the first packet always the same as the User-name i see in all packets? I'm searching through my dell wireless wlan card utility and i'm pretty sure i can't hide it. Are dell breaking any rfcs or other standards that i can take them up on? This is quite worrying for me as it seems to make the setup quite insecure instead of making it more secure as i had originally hoped. Perhaps a shared key and a captive portal would provide better security. I understand the weakness, but i dont see that it would be weaker than a shared key alone and has the advantage of not allowing the username to be read by any arbitrary person. Thanks for the further explanation of the RADIUS protocol - i think i will take your advice about the configuration files and leave well enough alone:) John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html