Reference: https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_...
What about setting it up so that RADIUS gets credentials and groups from FreeIPA without the OTP ?
______________________________________________________________________________________________
Daniel E. White daniel.e.white@nasa.govmailto:daniel.e.white@nasa.gov NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290
Hi Daniel,
I'm afraid I don't understand what you're trying to accomplish.
There's two primary use cases for RADIUS:
- RADIUS for wireless auth, with IPA doing the underlying authentication - RADIUS as a backend for OTP, with IPA passing OTP queries to RADIUS to validate
I'm going to guess by your request that you want the former, not the latter.
What you're looking for is probably most easily accomplished via an LDAP interface for FreeRADIUS. I think the following might help you:
- https://wiki.freeradius.org/modules/Rlm_ldap - http://lists.freeradius.org/pipermail/freeradius-users/2018-April/091159.htm...
I'm not sure what group information you'd need in this scenario, though.
If you're trying to use RADIUS to do authenticate on systems, we don't support pam_radius (and the authenticating system doesn't get group information in that setup).
Would sssd be a better fit in this case?
Thanks,
- Alex
----- Original Message -----
From: "Daniel E. White (GSFC-770.0)[NICS] via FreeIPA-users" freeipa-users@lists.fedorahosted.org To: "FreeIPA users list" freeipa-users@lists.fedorahosted.org Cc: "Daniel E. White (GSFC-770.0)[NICS]" daniel.e.white@nasa.gov Sent: Wednesday, February 12, 2020 8:54:31 AM Subject: [Freeipa-users] FreeIPA and FreeRadius (or any RADIUS)
Reference: https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_...
What about setting it up so that RADIUS gets credentials and groups from FreeIPA without the OTP ?
Daniel E. White daniel.e.white@nasa.govmailto:daniel.e.white@nasa.gov NICS Linux Engineer NASA Goddard Space Flight Center 8800 Greenbelt Road Building 14, Room E175 Greenbelt, MD 20771 Office: (301) 286-6919 Mobile: (240) 513-5290
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org
-
Alex Scheel -
White, Daniel E. (GSFC-770.0)[NICS]