Analytics & Visibility

Expand all | Collapse all

Identity Privacy/Anonymous outer identities with PEAP inNAC

  • 1.  Identity Privacy/Anonymous outer identities with PEAP inNAC

    Posted 04-16-2014 06:43
    Hi,

    is it possible to configure "Identity Privacy" with PEAP in NAC? This is possible with Microsoft NPS and is an option in common OS like Winows or Android. The key point is that the outer method does not include the "real" username. So if anyone captures the radius traffic the username is not sent in plaintext.

    As this is feature is possible with freeRadius I expect it should also be possible with NAC?

    Best Regards
    Michael


  • 2.  RE: Identity Privacy/Anonymous outer identities with PEAP inNAC

    Posted 04-16-2014 11:53
    Michael - if you are proxying to another RADIUS server, you should be able to set it up there. I'm not sure if it's something you can do when terminating on a NAC appliance though. With that said, you have to be careful when doing that if you're planning on using rules based on username. If you have an anonymous outer-identity and are proxying to another server, then I believe we will only see that outer-identity when evaluating the rules. You can however, send back the username in the RADIUS Accept message to have it updated correctly in NAC and be able to use the rules.


  • 3.  RE: Identity Privacy/Anonymous outer identities with PEAP inNAC

    Posted 04-16-2014 12:08
    Hi Tyler,

    thanks for your reply. The possibility to proxy the request to NPS is possible but in my common scenarios the NAC acts as RADIUS endpoint, so it would be intresting if NAC can handle this without RADIUS Proxy.

    Best Regards,
    Michael


  • 4.  RE: Identity Privacy/Anonymous outer identities with PEAP inNAC

    Posted 03-24-2021 16:15

    Hi , this thread is about 6 years old, you might have better luck creating a new thread to get feedback on this topic. 



  • 5.  RE: Identity Privacy/Anonymous outer identities with PEAP inNAC

    Posted 03-24-2021 19:56

    Hi Sam,

     

    I just saw those lines at the end of the post are actually a white-colored hyperlink to some website, crap marketing at its finest. :D

     

    Cheers,

    Tomasz