Hello,
If I understood correctly, what you want to do is to set up your FreeRADIUS
server so it consumes identity information from FreeIPA.
That is not the purpose of the radiusproxy functionality, which implements
the reverse flow: clients contacting FreeIPA would be proxied to a RADIUS
server for authentication. See [1] for a detailed explanation of a common
use case for radiusproxy.
In your case, you need to configure FreeRADIUS so it connects to FreeIPA
using LDAP. The authentication mechanism to do this could be
username/password, or you could set up SASL GSSAPI, depending on your
requirements. You may find this gist [2] useful.
Authentication may not be enough, though, and you may need to leverage
other information (group membership, I would assume) in order to authorise
users for VPN usage. This is done on the FreeRADIUS side.
[1]: https://www.freeipa.org/page/V4/OTP/Detail
[2]: https://gist.github.com/tiran/770b41cdff10d9f95e9623f468ebccec
On Thu, Jul 2, 2020 at 3:58 AM Max Muller via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
Hi all!
I keep trying to tune my FreeIPA server with FreeRADIUS.
I deployed FreeRADIUS to control authentication on the VPN server and I
want to use FreeIPA as a RADIUS proxy (I want to control from FreeIPA which
users can use the VPN).
FreeRADIUS and FreeIPA run on one server. I added a RADIUS proxy in FreeIPA,
but my RADIUS server does not get requests from the remote client. But the
test utility "radtest" from this server works fine.
What am I doing wrong?
Thanks for your reply.
[root@ipa ~]# ipa radiusproxy-find
-----------------------------
1 RADIUS proxy server matched
-----------------------------
RADIUS proxy server name: radius
Server: localhost.localdomain
----------------------------
Number of entries returned 1
----------------------------