hello, Yes, it's User-Name!! I have an infra with freeradius for authentication via EAP-TLS. Users download a .p12 according to their user in our domain. Installs this .p12 that contains the personal certificate, private key, and CA. In android devices the Identity field is required. Due to a failure in my configuration or not, if a user installs their .p12 and Identity puts another user from our domain, the connection is accepted in the same way. I was able to fix this with some ifs / else. I would like to try to find where the problem is and try to fix it. Thanks for the answers!!! On Thu, Apr 11, 2019 at 5:43 PM Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On Apr 11, 2019, at 9:39 PM, Matthew Newton <mcn@freeradius.org> wrote:
On Wed, 2019-04-10 at 15:23 -0300, Elias Pereira wrote:
In the EAP-tls access, the textbox "Identity" on smartphones have a correspondent attribute in freeradius?
Maybe in User-Name?
Look at the debug output to see if it's sent.
Indeed, it'll be in user-name as a function of the NAS copying the EAP-Identity-Response to the RADIUS packet in the User-Name attribute.
If it's longer than 253 bytes, it should be available untruncated/unmolested in the TLS Verification virtual server.
-Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Elias Pereira