I've got it running. Of course you shouldn't expect passwordless logins to
work but it's much better than having everyone knowing the passwords.

The document that helped me set up the Cisco part was this one:


And the magic to add to the config files:

In client.conf; somerandompass is also used in the Cisco config.

client {
    # shared secret; must match the key configured on the Cisco side
    secret    = somerandompass
    shortname = someshortname
    nastype   = cisco
}

And in the file users; the last line throws users directly to the "root"

DEFAULT Auth-Type = Kerberos
        Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15"

Now all I have to figure out is how to set up using EAP-TLS. The relevant
log message is:

[eap] No EAP-Message, not doing EAP
++[eap] returns noop
Freeipa-users mailing list
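
An added example, not part of the original post: the DEFAULT entry above returns shell:priv-lvl=15 for every user that matches it, so a small audit of the users file can flag DEFAULT entries that hand out a high privilege level. The sample file, the `alice` entry, the function names and the level limit are constructed for illustration.

```python
import re

# Constructed sample in FreeRADIUS "users" file syntax; the first entry mirrors the post.
SAMPLE_USERS = '''\
DEFAULT Auth-Type = Kerberos
        Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15"

# hypothetical named entry with a lower level
alice   Auth-Type = Kerberos
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=1"
'''

PRIV_RE = re.compile(r'cisco-avpair\s*[:+]?=\s*"shell:priv-lvl=(\d+)"', re.I)

def parse_users(text):
    """Return a list of (name, check_items, reply_items) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if line[0].isspace():
            if entries:  # indented line: reply items of the current entry
                entries[-1][2].append(line.strip().rstrip(","))
        else:  # column 0: new entry, name followed by its check items
            parts = line.split(None, 1)
            entries.append((parts[0], parts[1] if len(parts) > 1 else "", []))
    return entries

def audit(text, max_default_level=1):
    """Flag DEFAULT entries whose reply grants a priv-lvl above the limit."""
    findings = []
    for name, checks, replies in parse_users(text):
        m = PRIV_RE.search(", ".join(replies))
        if name == "DEFAULT" and m and int(m.group(1)) > max_default_level:
            findings.append((name, checks, int(m.group(1))))
    return findings

if __name__ == "__main__":
    for name, checks, level in audit(SAMPLE_USERS):
        print(f"{name} [{checks}] grants priv-lvl={level} to every matching user")
```

The check items printed with each finding show whether anything other than the authentication type narrows who receives that level.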