6 a.m.
Kees Bakker via FreeIPA-users wrote:
The warning is for a cert that I created for a FreeRADIUS server (which
I never actually managed to get working).
We need a RADIUS service and were hoping to hang one off of FreeIPA/IdM to use its
credentials.
The references I have found are from 2015
https://www.redhat.com/archives/freeipa-users/2015-December/msg00170.html
Is this information still valid ?
______________________________________________________________________________________________
Daniel E. White
daniel.e.white@nasa.gov<mailto:daniel.e.white@nasa.gov>
NICS Linux Engineer
NASA Goddard Space Flight Center
8800 Greenbelt Road
Building 14, Room E175
Greenbelt, MD 20771
Office: (301) 286-6919
Mobile: (240) 513-5290
3:55 p.m.
Hi,
On Fri, 13 Dec 2019, White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
Kees Bakker via FreeIPA-users wrote:
The warning is for a cert that I created for a FreeRADIUS server (which I
never actually managed to get working).
We need a RADIUS service and were hoping to hang one off of FreeIPA/IdM to
use its credentials.
The references I have found are from 2015
https://www.redhat.com/archives/freeipa-users/2015-December/msg00170.html
Is this information still valid ?
i'm using FreeIPA to authenticate WiFi users via WPA Enterprise/PEAP. The
FreeIPA part was more or less defining a service that is then used in
FreeRADIUS:
/etc/raddb/mods-available/ldap
---
[...]
# FreeRADIUS runs on IPA server
server = 'localhost'
identity =
'krbprincipalname=radius/ipa.example.com(a)EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com'
password = xxx
base_dn = 'dc=example,dc=com'
[...]
user {
[...]
base_dn = "cn=users,cn=accounts,dc=example,dc=com'
[...]
}
[...]
---
The IPA CA and service cert are required for FreeRADIUS EAP and TLS
configuration. WiFi APs are configured as FreeRADIUS clients, so that they can
query the FreeRADIUS server. This has been running for quite a while now, i
can't recall all details right now, but this is probably more a FreeRADIUS than
a FreeIPA challenge.
Mit freundlichen Gruessen/With best regards,
--Daniel.
3:57 p.m.
Hi,
On Fri, 13 Dec 2019, White, Daniel E. (GSFC-770.0)[NICS] via FreeIPA-users wrote:
Kees Bakker via FreeIPA-users wrote:
The warning is for a cert that I created for a FreeRADIUS server (which I
never actually managed to get working).
We need a RADIUS service and were hoping to hang one off of FreeIPA/IdM to
use its credentials.
The references I have found are from 2015
https://www.redhat.com/archives/freeipa-users/2015-December/msg00170.html
Is this information still valid ?
i'm using FreeIPA to authenticate WiFi users via WPA Enterprise/PEAP. The
FreeIPA part was more or less defining a service that is then used in
FreeRADIUS:
/etc/raddb/mods-available/ldap
---
[...]
# FreeRADIUS runs on IPA server
server = 'localhost'
identity =
'krbprincipalname=radius/ipa.example.com(a)EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com'
password = xxx
base_dn = 'dc=example,dc=com'
[...]
user {
[...]
base_dn = "cn=users,cn=accounts,dc=example,dc=com'
[...]
}
[...]
---
The IPA CA and service cert are required for FreeRADIUS EAP and TLS
configuration. WiFi APs are configured as FreeRADIUS clients, so that they can
query the FreeRADIUS server. This has been running for quite a while now, i
can't recall all details right now, but this is probably more a FreeRADIUS than
a FreeIPA challenge.
Mit freundlichen Gruessen/With best regards,
--Daniel.
1596
days inactive
1596
days old
freeipa-users@lists.fedorahosted.org
2 comments
3 participants
participants (3)
-
Daniel Bischof -
dbischof@hrz.uni-kassel.de -
White, Daniel E. (GSFC-770.0)[NICS]