EAP-TLS with user base in SQL not happening
Hi I am doing EAP-TLS test to authenticate only known users that are in SQL to authenticate via TLS method, how can I achieve this? can some one share me any guide on this, I have been able to achieve TLS authentication on files but not able to do so via SQL Server. My issue is that even if the user is not found in SQL it is able to authenticate via TLS Cheers MK Singh +91-9910416231 www.shouut.com
On Feb 15, 2019, at 6:22 AM, Mankomal Singh <mankomal@shouut.com> wrote:
I am doing EAP-TLS test to authenticate only known users that are in SQL to authenticate via TLS method, how can I achieve this? can some one share me any guide on this, I have been able to achieve TLS authentication on files but not able to do so via SQL Server.
My issue is that even if the user is not found in SQL it is able to authenticate via TLS
That's largely what EAP-TLS means... if the user has a client certificate, they're authenticated. If you want to reject certain users, you should revoke their client certificate. If you can't do that, you *can* reject the user, but their system won't know why they've been rejected. So it will try to authenticate over and over again. You can do this: authorize { ... sql if (notfound) { reject } ... } Reading the debug output should make it clear why this works. Alan DeKok.
participants (2)
-
Alan DeKok -
Mankomal Singh