I have been asked to configure FreeIPA 4.4 servers to handle VPN authentication
using a FreeRADIUS server, with 2FA being generated by a Yubikey given to each
The existing radius server configuration uses PAM sssd and yubico modules with
a static file for the Yubikeys, and works with the token appended to the
password. The sssd functions as a user lookup to FreeIPA.
I am hoping to be able to migrate the configuration to use only FreeRADIUS and
FreeIPA with dynamic lookups, but I am not sure where to start.
Is there a recommended method, like using the radius ldap module, to query
username, password, and Yubikey values?
Does anyone have a working implementation of something similar?
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org