Identity attribute

Elias Pereira empbilly at gmail.com
Fri Apr 12 14:04:24 CEST 2019


Hello,

Yes, it's User-Name!!

I have an infrastructure with FreeRADIUS for authentication via EAP-TLS. Users
download a .p12 according to their user in our domain. They install this .p12,
which contains the personal certificate, private key, and CA.

On Android devices the Identity field is required. Due to a failure in my
configuration or not, if a user installs their .p12 and puts another user
from our domain in Identity, the connection is accepted in the same way. I
was able to fix this with some ifs / else. I would like to try to find
where the problem is and try to fix it.

Thanks for the answers!!!


On Thu, Apr 11, 2019 at 5:43 PM Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
>
> > On Apr 11, 2019, at 9:39 PM, Matthew Newton <mcn at freeradius.org> wrote:
> >
> > On Wed, 2019-04-10 at 15:23 -0300, Elias Pereira wrote:
> >> In EAP-TLS access, does the textbox "Identity" on smartphones have a
> >> corresponding attribute in FreeRADIUS?
> >
> > Maybe in User-Name?
> >
> > Look at the debug output to see if it's sent.
>
> Indeed, it'll be in user-name as a function of the NAS copying the
> EAP-Identity-Response to the RADIUS packet in the User-Name attribute.
>
> If it's longer than 253 bytes, it should be available
> untruncated/unmolested in the TLS Verification virtual server.
>
> -Arran



-- 
Elias Pereira
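
The check discussed in this thread (refusing an EAP-TLS session whose Identity, seen by the server as User-Name, differs from the client certificate), as an added example that is not part of the original post or the poster's configuration. It assumes FreeRADIUS 3.0.x, the stock `check-eap-tls` virtual server, and certificates whose Common Name is exactly the login name the user is expected to type; the Reply-Message text is made up for the example.

```unlang
# mods-available/eap (excerpt, assumed 3.0.x layout): hand every completed
# TLS session to a verification virtual server before EAP-TLS succeeds.
eap {
	tls {
		tls = tls-common
		virtual_server = check-eap-tls
	}
}

# sites-available/check-eap-tls (must also be linked in sites-enabled)
server check-eap-tls {
	authorize {
		# User-Name holds the EAP-Identity-Response the NAS copied
		# into the RADIUS packet; the client chooses it freely.
		# TLS-Client-Cert-Common-Name comes from the certificate that
		# already passed chain validation, so it is the value to trust.
		if ("%{User-Name}" == "%{TLS-Client-Cert-Common-Name}") {
			update config {
				&Auth-Type := Accept
			}
		}
		else {
			# Typed identity names a different user than the
			# certificate does: reject instead of accepting.
			update config {
				&Auth-Type := Reject
			}
			update reply {
				&Reply-Message := "Identity does not match certificate"
			}
		}
	}
}
```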

