Hello,
I have been asked to configure FreeIPA 4.4 servers to handle VPN authentication using a FreeRADIUS server, with 2FA being generated by a YubiKey given to each user.
The existing RADIUS server configuration uses PAM sssd and yubico modules with a static file for the YubiKeys, and works with the token appended to the password. The sssd functions as a user lookup to FreeIPA.
I am hoping to be able to migrate the configuration to use only FreeRADIUS and FreeIPA with dynamic lookups, but I am not sure where to start.
Is there a recommended method, like using the RADIUS LDAP module, to query username, password, and YubiKey values?
Does anyone have a working implementation of something similar?
Cheers,
Dagan