I have configured a freeradius server that uses the FreeIPA LDAP backend
for user and device authentication. It's not at all difficult.
On Thu, Mar 1, 2012 at 9:11 AM, Simo Sorce <s...@redhat.com> wrote:
> On Thu, 2012-03-01 at 16:35 +0400, Pavel Zhukov wrote:
> > Hi all
> > I'm going to deploy "kerberised network" and have some questions.
> > I've deployed FreeIPA server and enrolled hosts, it's OK,
> > I've deployed RHEV and configured FreeIPA as DS, it's OK.
> > FreeRADIUS is used for user login (thought Cisco FireWall or Cisco
> > VPN) and contains user database (mysql).
> > Is it possible to integrate FreeRADIUS server and FreeIPA? For
> > security reasons replication of transfer) of passwords is impossible.
> > possible scenario:
> > User tries to access some resource (ssh for example) -> ssh server
> > goes to kerberos (IPA) server -> IPA (LDAP?) goes to RADIUS (using
> > kerberos if possible?) -> krb ticket -> login
> No doesn't work this way.
> But you can use LDAP as a backend for FreeRADIUS so that Radius goes to
> FreeIPA to try to authenticate users.
> Simo Sorce * Red Hat, Inc * New York
> Freeipa-users mailing list
Freeipa-users mailing list