12 Apr
2019
12 Apr
'19
9:07 a.m.
On Apr 12, 2019, at 2:04 PM, Elias Pereira <empbilly@gmail.com> wrote:
In android devices the Identity field is required. Due to a failure in my configuration or not, if a user installs their .p12 and Identity puts another user from our domain, the connection is accepted in the same way. I was able to fix this with some ifs / else. I would like to try to find where the problem is and try to fix it.
Read the debug output. It will show you what attribute has the TLS certificate identity. Usually TLS-Client-Cert-Common-Name Then, write some unlang to compare that to the User-Name: if (TLS-Client-Cert-Common-Name && TLS-Client-Cert-Common-Name != User-Name) { reject } Alan DeKok.