Hi,
On Fri, 13 Dec 2019, White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
Kees Bakker via FreeIPA-users wrote:
The warning is for a cert that I created for a FreeRADIUS server (which I
never actually managed to get working).
We need a RADIUS service and were hoping to hang one off of FreeIPA/IdM to
use its credentials.
The references I have found are from 2015
https://www.redhat.com/archives/freeipa-users/2015-December/msg00170.html
Is this information still valid?
I'm using FreeIPA to authenticate WiFi users via WPA Enterprise/PEAP. The
FreeIPA part was more or less defining a service that is then used in
FreeRADIUS:
/etc/raddb/mods-available/ldap
---
[...]
# FreeRADIUS runs on IPA server
server = 'localhost'
identity = 'krbprincipalname=radius/ipa.example.com@EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com'
password = xxx
base_dn = 'dc=example,dc=com'
[...]
user {
[...]
base_dn = 'cn=users,cn=accounts,dc=example,dc=com'
[...]
}
[...]
---
The IPA CA and service cert are required for FreeRADIUS EAP and TLS
configuration. WiFi APs are configured as FreeRADIUS clients, so that they can
query the FreeRADIUS server. This has been running for quite a while now, I
can't recall all details right now, but this is probably more a FreeRADIUS than
a FreeIPA challenge.
With best regards,
--Daniel.