I've got it running. Of course you shouldn't expect passwordless logins to work, but it's much better than having everyone know the passwords.
The document that helped me set up the Cisco part was this one: http://wiki.freeradius.org/vendor/Cisco

And the magic to add to the config files:

In client.conf; somerandompass is also used in the Cisco config.

    client 192.168.2.0/16 {
        secret = somerandompass
        shortname = someshortname
        nastype = cisco
    }

And in the file users; the last line throws users directly to the "root" shell:

    DEFAULT Auth-Type = Kerberos
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"

Now all I have to figure out is how to set up using eap-tls. The relevant log message is:

    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
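
Added example, not part of the original message and not FreeRADIUS code: a small Python check that parses a users file in the layout shown in the message above and reports DEFAULT entries that return shell:priv-lvl=15 with no check item other than Auth-Type, meaning every account that authenticates lands at level 15. The sample file content and the function names are constructed for illustration.

```python
import re

# Constructed sample in the FreeRADIUS "users" file layout: the first line of an
# entry holds the name and check items, indented lines hold the reply items.
SAMPLE_USERS = '''\
# constructed sample, not taken from a real server
DEFAULT Auth-Type = Kerberos
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=15"

alice   Auth-Type = Kerberos
    Service-Type = NAS-Prompt-User,
    cisco-avpair = "shell:priv-lvl=1"
'''

# attribute, operator, value (quoted or bare), optional trailing comma
ITEM = re.compile(r'\s*([\w-]+)\s*(==|:=|\+=|!=|=~|=)\s*("[^"]*"|[^,\s]+)\s*,?')
PRIV = re.compile(r'shell:priv-lvl=(\d+)')

def parse_users(text):
    """Return entries as dicts: name, check [(attr, op, val)], reply [(attr, op, val)]."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue                      # blank line or comment
        if raw[0].isspace():              # indented: reply items of the current entry
            if entries:
                entries[-1]['reply'] += ITEM.findall(raw)
        else:                             # new entry: name, then check items
            parts = raw.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ''
            entries.append({'name': parts[0], 'check': ITEM.findall(rest), 'reply': []})
    return entries

def overbroad_admin_entries(entries, level=15):
    """DEFAULT entries granting priv-lvl >= level with no check item besides Auth-Type."""
    findings = []
    for e in entries:
        lvls = [int(m.group(1)) for _, _, v in e['reply'] for m in [PRIV.search(v)] if m]
        restricted = any(a.lower() != 'auth-type' for a, _, _ in e['check'])
        if e['name'] == 'DEFAULT' and lvls and max(lvls) >= level and not restricted:
            findings.append((e['name'], max(lvls)))
    return findings

if __name__ == '__main__':
    for name, lvl in overbroad_admin_entries(parse_users(SAMPLE_USERS)):
        print(f'{name}: priv-lvl={lvl} returned to every authenticated user')
```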