Identity attribute
Alan DeKok
aland at deployingradius.com
Fri Apr 12 15:07:20 CEST 2019
On Apr 12, 2019, at 2:04 PM, Elias Pereira <empbilly at gmail.com> wrote:
> On Android devices the Identity field is required. Due to a failure in my
> configuration or not, if a user installs their .p12 and puts another user
> from our domain in Identity, the connection is accepted in the same way. I
> was able to fix this with some ifs / else. I would like to try to find
> where the problem is and try to fix it.
Read the debug output. It will show you what attribute has the TLS certificate identity. Usually TLS-Client-Cert-Common-Name.
Then, write some unlang to compare that to the User-Name:
	if (TLS-Client-Cert-Common-Name && TLS-Client-Cert-Common-Name != User-Name) {
		reject
	}
Alan DeKok.