[Freeipa-users] Openwrt-Freeradius-FreeIPA

Fri, 05 May 2017 01:47:19 -0700 

Hello All,

We have FreeIPA running on Centos7
[root@freeipa03 ~]# cat /etc/*release
CentOS Linux release 7.2.1511 (Core)

Not fully updated but that is planned.

[root@freeipa03 ~]# yum list installed | grep ipa
ipa-admintools.x86_64                 4.2.0-15.0.1.el7.centos.19
@updates
ipa-client.x86_64                     4.2.0-15.0.1.el7.centos.19
@updates
ipa-python.x86_64                     4.2.0-15.0.1.el7.centos.19
@updates
ipa-server.x86_64                     4.2.0-15.0.1.el7.centos.19
@updates
ipa-server-dns.x86_64                 4.2.0-15.0.1.el7.centos.19
@updates
libipa_hbac.x86_64                    1.13.0-40.el7_2.12
@updates
python-iniparse.noarch                0.4-9.el7
@anaconda
python-libipa_hbac.x86_64             1.13.0-40.el7_2.12
@updates
sssd-ipa.x86_64                       1.13.0-40.el7_2.12
@updates

We are using FreeIPA to authenticate laptops/users, that works great. Thank
you for making that possible!

Now I bought some Linksys access points and installed Openwrt on them.
Next I'm following the second part of this wiki:

https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7

starting from : install, configure and test RADIUS server as a frontend to
IPA.

That works great, up to the point where I can do the radtest:

[root@freeipa03 ~]# radtest test password123 192.168.250.12 1812 testing1234
Sending Access-Request Id 26 from 0.0.0.0:44889 to 192.168.250.12:1812
    User-Name = 'test'
    User-Password = 'password123'
    NAS-IP-Address = 192.168.250.12
    NAS-Port = 1812
    Message-Authenticator = 0x00
Received Access-Accept Id 26 from 192.168.250.12:1812 to
192.168.250.12:44889 length 20

where user test  is in freeipa and 192.168.250.12 is the vpn address of the
ipa server.

My question now is: is it possible to have users connect with the
Linksys/Openwrt access point using username/password from FreeIPA?
So far I'm not getting past EM:

Error: Ignoring request to auth address * port 1812 as server default from
unknown client 10.10.20.117 port 55421 proto udp

where 10.10.20.117 is the Openwrt access point.

I added the access point to /etc/radddb/client.conf in a number of ways,
but nothing changes. Now I'm thinking, because Freeradius now reads from
FreeIPA,
it doesn't recognize the access point.

Thanks for any advise.

greetings, J.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to