9:33 p.m.
Hi: all
I m reading this :
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_t...
It need create a service ac under
radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
BUt which file ldif I should point to ? or just ignore use anther
paratemeter
ldapmodify -f <path/to/ldif> or ldapmodify -x -D ..??
THX
dn: krbprincipalname=radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,cn=
services,\
cn=accounts,dc=ipa,dc=example,dc=net,dc=au
changetype: modify
add: objectClass
objectClass: simpleSecurityObject
-
add: userPassword
userPassword: <The service account password>
ldapmodify -f <path/to/ldif> -D 'cn=Directory Manager' -W -H
ldap://host.ipa
.example.net.au -Z
ldapwhoami -Z -D 'krbprincipalname=radius/
host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
W
2:44 a.m.
On Fri, 09 Feb 2018, barrykfl--- via FreeIPA-users wrote:
Hi: all
I m reading this :
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_t...
It need create a service ac under
radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
BUt which file ldif I should point to ? or just ignore use anther
paratemeter
ldapmodify -f <path/to/ldif> or ldapmodify -x -D ..??
THX
dn: krbprincipalname=radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,cn=
services,\
cn=accounts,dc=ipa,dc=example,dc=net,dc=au
changetype: modify
add: objectClass
objectClass: simpleSecurityObject
-
add: userPassword
userPassword: <The service account password>
ldapmodify -f <path/to/ldif> -D 'cn=Directory Manager' -W -H
ldap://host.ipa
.example.net.au -Z
ldapwhoami -Z -D 'krbprincipalname=radius/
host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
Don't use that. It
is a normal IPA service, so it should be created
using IPA tools:
ipa service-add radius/host.ipa.example.net.au
--
/ Alexander Bokovoy
3:37 a.m.
Hi I have setup the freeradius as in the single LDAP freeipa.
Should I stll need add the address to this field ? what is the user
attribute?
2018-02-09 16:44 GMT+08:00 Alexander Bokovoy <abokovoy(a)redhat.com>:
On Fri, 09 Feb 2018, barrykfl--- via FreeIPA-users wrote:
> Hi: all
>
> I m reading this :
>
> http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_
> permissions_to_service_accounts..html
>
> It need create a service ac under
>
> radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
> cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
>
> BUt which file ldif I should point to ? or just ignore use anther
> paratemeter
> ldapmodify -f <path/to/ldif> or ldapmodify -x -D ..??
>
> THX
>
>
>
> dn: krbprincipalname=radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU
> ,cn=
> services,\
> cn=accounts,dc=ipa,dc=example,dc=net,dc=au
> changetype: modify
> add: objectClass
> objectClass: simpleSecurityObject
> -
> add: userPassword
> userPassword: <The service account password>
>
> ldapmodify -f <path/to/ldif> -D 'cn=Directory Manager' -W -H
> ldap://host.ipa
> .example.net.au -Z
> ldapwhoami -Z -D 'krbprincipalname=radius/
> host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
> cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
>
Don't use that. It is a normal IPA service, so it should be created
using IPA tools:
ipa service-add radius/host.ipa.example.net.au
--
/ Alexander Bokovoy
2260
days inactive
2260
days old
freeipa-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Alexander Bokovoy -
barrykfl@gmail.com