Continuing my adventures with FreeRADIUS ...
It seems that there's no escaping the need to create a dedicated LDAP user for FreeRADIUS, so that it can see group membership information.
I've already created a FreeIPA service - radius/ipa.example.com@EXAMPLE.COM - so that I could issue a certificate for PEAP and monitor it with certmonger. (Yes, FreeRADIUS is running on the same server as FreeIPA.)
Is it possible to somehow create a "service user" associated with this service that FreeRADIUS can use as an LDAP login?
Thanks!