Hi I have setup the freeradius as in the single LDAP freeipa.
Should I stll need add the address to this field ? what is the user
attribute?
2018-02-09 16:44 GMT+08:00 Alexander Bokovoy <abokovoy(a)redhat.com>:
On Fri, 09 Feb 2018, barrykfl--- via FreeIPA-users wrote:
> Hi: all
>
> I m reading this :
>
>
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_
> permissions_to_service_accounts..html
>
> It need create a service ac under
>
> radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
> cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
>
> BUt which file ldif I should point to ? or just ignore use anther
> paratemeter
> ldapmodify -f <path/to/ldif> or ldapmodify -x -D ..??
>
> THX
>
>
>
> dn: krbprincipalname=radius/host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU
> ,cn=
> services,\
> cn=accounts,dc=ipa,dc=example,dc=net,dc=au
> changetype: modify
> add: objectClass
> objectClass: simpleSecurityObject
> -
> add: userPassword
> userPassword: <The service account password>
>
> ldapmodify -f <path/to/ldif> -D 'cn=Directory Manager' -W -H
> ldap://host.ipa
> .example.net.au -Z
> ldapwhoami -Z -D 'krbprincipalname=radius/
> host.ipa.example.net.au(a)IPA.EXAMPLE.NET.AU,\
> cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
>
Don't use that. It is a normal IPA service, so it should be created
using IPA tools:
ipa service-add radius/host.ipa.example.net.au
--
/ Alexander Bokovoy