Thanks Alexander, these are the steps I applied -->

**********************************
on Radius server:

[root@radius ~]# yum install freeradius freeradius-utils freeradius-mysql freeradius-perl freeradius-ldap

[root@radius raddb]# vi clients.conf
client ipa {
        ipaddr = 192.168.0.0/24
        proto = *
        secret = xxxxxx
        require_message_authenticator = no
        limit {
                max_connections = 16
                lifetime = 0
                idle_timeout = 30
        }
}
client localhost_ipv6 {
        ipv6addr = ::1
        secret = xxxxxx
}

[root@radius raddb]# vi users| egrep -v "#"
user-test Cleartext-Password := "testpass"
        Reply-Message := "Hello, %{User-Name}"
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

[root@radius raddb]# service radiusd restart

[root@radius raddb]# radtest user-test testpass 192.168.0.15 100 xxxxxx
Sent Access-Request Id 10 from 0.0.0.0:40950 to 192.168.0.15:1812 length 76
        User-Name = "user-test"
        User-Password = "testpass"
        NAS-IP-Address = 192.168.0.15
        NAS-Port = 100
        Message-Authenticator = 0x00
        Cleartext-Password = "testpass"
Received Access-Accept Id 10 from 192.168.0.15:1812 to 192.168.0.15:40950 length 35
        Reply-Message = "Hello, user-tets"

****************************************
on ipa server:

yum install freeradius freeradius-utils

to check with

[root@ipa]# radtest user-test testpass 192.168.0.15 100 xxxxxx
Sent Access-Request Id 10 from 0.0.0.0:40950 to 192.168.0.15:1812 length 76
        User-Name = "user-test"
        User-Password = "testpass"
        NAS-IP-Address = 192.168.0.15
        NAS-Port = 100
        Message-Authenticator = 0x00
        Cleartext-Password = "testpass"
Received Access-Accept Id 10 from 192.168.0.15:1812 to 192.168.0.15:48259 length 35
        Reply-Message = "Hello, user-tets"

ipa radiusproxy-add radius-server --server=radius.xxxx.yyy:1812
ipa radiusproxy-mod radius-server --secret xxxxxx
ipa user-mod --radius=radius-server --radius-username=user-test user-ipa

From a client:

ssh server.my.domain -l user-ipa
First Factor: (password from ipa)
Second Factor: (password from radius)
First Factor: (password from radius)
Second Factor: (blank)
ipa-u...@server.my.domain
's password: Permission denied, please try again.
ipa-u...@server.my.domain's password:
Received disconnect from x.x.x.x port 22:2: Too many authentication failures
Disconnected from x.x.x.x port 22

No log collected for this session on /var/log/radius/radius.log

What else have I to enable?

Thanks and sorry for the delay