Hey Andrew,

The guide you are following is 100% allright. Works for me (All my
freeradius servers are bound to ipa)

In regards to syntax - Please try with GUI. This is how I did that.

In regard to macosx and wifi issues. Please check if the freeradius
certificate did not expire(look for issues there)

BR
Maciej

On Tue, Nov 14, 2017 at 10:10 PM, Andrew Meyer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> After all the emails (thank you for your help) I have most of my Mac OS X
> clients authenticating to FreeIPA over wireless.  Clients running on a 2014
> or newer 10.12.5 and up won't work.  I suspect this has to do with the TLS
> version.
>
> Tell me if I'm approaching this the right way.
>
> I am trying to apply a certificate FROM FreeIPA to FreeRADIUS.  I am also
> trying to register the service within FreeIPA but strugglging with some of
> the syntax.
>
> I have been following this:
> FreeIPA: Giving permissions to service accounts. — Firstyear's blog-a-log
> <http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html>
>
> FreeIPA: Giving permissions to service accounts. — Firstyear's blog-a-log
> Firstyear`s blog-a-log
>
> <http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html>
>
>
> I'm having some trouble adding the privileges and roles:
> [andrew.meyer@radius01 ~]$ ipa privilege-add-permission 'Radius service'
> --permission='Radius Service'
>   Privilege name: Radius Service
>   Description: Privileges needed to allow radiusd servers to operate
>   Failed members:
>     permission: Radius Service: permission not found
> -----------------------------
> Number of permissions added 0
> -----------------------------
> [andrew.meyer@radius01 ~]$ ipa privilege-add-permission 'Radius service'
> --permission='Radius service'
>   Privilege name: Radius Service
>   Description: Privileges needed to allow radiusd servers to operate
>   Failed members:
>     permission: Radius service: permission not found
> -----------------------------
> Number of permissions added 0
> -----------------------------
> [andrew.meyer@radius01 ~]$ ipa role-add 'Radius server' --desc="Radius
> server role"
> --------------------------
> Added role "Radius server"
> --------------------------
>   Role name: Radius server
>   Description: Radius server role
> [andrew.meyer@radius01 ~]$ ipa role-add-privilege --privileges="Radius
> services" 'Radius server'
>   Role name: Radius server
>   Description: Radius server role
>   Failed members:
>     privilege: Radius services: privilege not found
> ----------------------------
> Number of privileges added 0
> ----------------------------
> [andrew.meyer@radius01 ~]$
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
>


-- 
Best regards

Maciej Drobniuch
Network Security Engineer
Collective-Sense,LLC
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to