Hello everyone,

I recently started using FreeIPA and FreeRadius so I might still have some 
misconceptions.

What I am trying to achieve is to have clients use a client certificate to log in 
to OpenVPN using FreeRadius and FreeIPA.
So far clients can connect to OpenVPN (radiusplugin) with FreeRadius (through 
Kerberos) through FreeIPA using username+password login, which works as intended.

My question now is how would I go about creating client certificates in FreeIPA 
(created through the web GUI, for example) which clients can use to log in to 
OpenVPN.
I don’t want them to log in with username+password but rather with certificates 
which are managed by FreeIPA.

I was looking into EAP-TLS but I am not sure I am on the right path.

OpenVPN is on a separate server running Debian 8.

FreeRadius and FreeIPA are both running on another Debian 8 machine (they are 
both on the same machine, though).


Is this possible and if so how would I have to configure the services, or am I 
doing things more complicated than actually needed?


Sincerely yours,
Calin
