I recently started using FreeIPA and FreeRadius so I might still have some
What I am trying to achieve is to have clients use client certificate to login
into OpenVPN using FreeRadius and FreeIPA.
So far clients can connect to OpenVPN (radiusplugin) with FreeRadius (through
kerberos) through FreeIPA using username+password login which works as intended.
My question now is how would I go about creating client certificates in FreeIPA
(created through the web gui for example) which clients can use to login into
I don’t want them to login with username+password but rather with certificates
which are managed by FreeIPA.
I was looking into EAP-TLS but I am not sure I am on the right path.
OpenVPN is on a separate server running Debian 8
FreeRadius and FreeIPA are both running on another Debian 8 machine. (they are
both on the same machine though)
Is this possible and if so how would I have to configure the services, or am I
doing things more complicated than actually needed?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project