I have configured a freeradius server that uses the FreeIPA LDAP backend
for user and device authentication. It's not at all difficult.

On Thu, Mar 1, 2012 at 9:11 AM, Simo Sorce <s...@redhat.com> wrote:

> On Thu, 2012-03-01 at 16:35 +0400, Pavel Zhukov wrote:
> > Hi all
> > I'm going to deploy "kerberised network" and have some questions.
> > I've deployed FreeIPA server and enrolled hosts, it's OK,
> > I've deployed RHEV and configured FreeIPA as DS, it's OK.
> >
> > FreeRADIUS is used for user login (thought  Cisco FireWall or Cisco
> > VPN) and contains user database (mysql).
> >
> > Is it possible to integrate FreeRADIUS server and FreeIPA? For
> > security reasons replication of transfer)  of passwords is impossible.
> >
> > possible scenario:
> > User tries to access some resource (ssh for example) -> ssh server
> > goes to kerberos (IPA) server -> IPA (LDAP?) goes to RADIUS (using
> > kerberos if possible?)  -> krb ticket -> login
>
> No doesn't work this way.
> But you can use LDAP as a backend for FreeRADIUS so that Radius goes to
> FreeIPA to try to authenticate users.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to