I have been asked to configure FreeIPA 4.4 servers to handle VPN authentication 
using a FreeRADIUS server, with 2FA being generated by a Yubikey given to each 

The existing radius server configuration uses PAM sssd and yubico modules with 
a static file for the Yubikeys, and works with the token appended to the 
password. The sssd functions as a user lookup to FreeIPA. 

I am hoping to be able to migrate the configuration to use only FreeRADIUS and 
FreeIPA with dynamic lookups, but I am not sure where to start. 

Is there a recommended method, like using the radius ldap module, to query 
username, password, and Yubikey values? 

Does anyone have a working implementation of something similar? 


FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to