Hello,

If I understood correctly, what you want to do is to set up your FreeRADIUS server so it consumes identity information from FreeIPA. That is not the purpose of the radiusproxy functionality, which implements the reverse flow: clients contacting FreeIPA would be proxied to a RADIUS server for authentication. See [1] for a detailed explanation of a common use case for radiusproxy.

In your case, you need to configure FreeRADIUS so it connects to FreeIPA using LDAP. The authentication mechanism to do this could be username/password, or you could set up SASL GSSAPI, depending on your requirements. You may find this gist [2] useful. Authentication may not be enough, though, and you may need to leverage other information (group membership, I would assume) in order to authorise users for VPN usage. This is done on the FreeRADIUS side.

[1]: https://www.freeipa.org/page/V4/OTP/Detail
[2]: https://gist.github.com/tiran/770b41cdff10d9f95e9623f468ebccec

On Thu, Jul 2, 2020 at 3:58 AM Max Muller via FreeIPA-users <[email protected]> wrote:

> Hi all!
>
> I keep trying to tune my FreeIPA server with FreeRADIUS.
>
> I deployed FreeRADIUS to control authentication on the VPN server and I
> want to use FreeIPA as a RADIUS proxy (I want to control from FreeIPA which
> users can use the VPN).
> FreeRADIUS and FreeIPA run on one server. I added a RADIUS proxy in FreeIPA,
> but my RADIUS server does not get requests from the remote client. But the
> test utility "radtest" from this server works fine.
>
> What am I doing wrong?
> Thanks for the reply.
>
> [root@ipa ~]# ipa radiusproxy-find
> -----------------------------
> 1 RADIUS proxy server matched
> -----------------------------
> RADIUS proxy server name: radius
> Server: localhost.localdomain
> ----------------------------
> Number of entries returned 1
> ----------------------------
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
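The setup the reply describes (FreeRADIUS binding to FreeIPA over LDAP, then authorising by group membership on the FreeRADIUS side) could look like the following FreeRADIUS 3.x fragment. This is an added example, not part of the thread or the linked gist; the hostname `ipa.example.com`, the `dc=example,dc=com` suffix, the `uid=radius` system account, the password placeholder and the `vpn-users` group are all assumptions.

```text
# Constructed example; hostnames, DNs, account and group names are assumptions.

# --- mods-available/ldap (symlink into mods-enabled/) ---
ldap {
    # LDAPS with certificate validation, so bind credentials are never sent in clear
    server   = 'ldaps://ipa.example.com'
    # Dedicated read-only bind account rather than a user or admin identity
    identity = 'uid=radius,cn=sysaccounts,cn=etc,dc=example,dc=com'
    password = 'CHANGE_ME'
    base_dn  = 'cn=accounts,dc=example,dc=com'

    user {
        base_dn = "cn=users,${..base_dn}"
        filter  = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
    group {
        base_dn = "cn=groups,${..base_dn}"
        filter  = '(objectClass=groupOfNames)'
        name_attribute = cn
        # FreeIPA records group membership on the user entry
        membership_attribute = 'memberOf'
    }
    tls {
        ca_file      = /etc/ipa/ca.crt
        require_cert = 'demand'
    }
}

# --- sites-available/default (inside the server block) ---
authorize {
    ldap
    # Authorisation: only members of the VPN group may continue
    if (!(LDAP-Group == "vpn-users")) {
        reject
    }
    # Authentication: verify the password with an LDAP bind as the user
    if ((ok || updated) && User-Password) {
        update control {
            Auth-Type := ldap
        }
    }
}
authenticate {
    Auth-Type LDAP {
        ldap
    }
}
```

LDAP bind authentication needs the cleartext password in the request, so this covers PAP-style requests only; protect the RADIUS hop between the VPN server and FreeRADIUS accordingly.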
