On Thu, 2012-03-01 at 16:35 +0400, Pavel Zhukov wrote: > Hi all > I'm going to deploy "kerberised network" and have some questions. > I've deployed FreeIPA server and enrolled hosts, it's OK, > I've deployed RHEV and configured FreeIPA as DS, it's OK. > > FreeRADIUS is used for user login (thought Cisco FireWall or Cisco > VPN) and contains user database (mysql). > > Is it possible to integrate FreeRADIUS server and FreeIPA? For > security reasons replication of transfer) of passwords is impossible. > > possible scenario: > User tries to access some resource (ssh for example) -> ssh server > goes to kerberos (IPA) server -> IPA (LDAP?) goes to RADIUS (using > kerberos if possible?) -> krb ticket -> login
No doesn't work this way. But you can use LDAP as a backend for FreeRADIUS so that Radius goes to FreeIPA to try to authenticate users. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users