Re: [Freeipa-users] Openwrt-Freeradius-FreeIPA
Hello All,

not trying to push for an answer here; but in reply to this post I got a lot of spam that I don't want my wife or kids to see.
This is only my second post here so I'm just wondering if I'm ending up in spam because I'm getting this spam or if the question is just very far fetched.

Greetings, J.

2017-05-07 20:16 GMT+02:00 Johan Vermeulen:

> Hello All,
>
> I have sent the same mail a few days ago, but I think it ended up in
> spam...
>
> We have FreeIPA running on Centos7
> [root@freeipa03 ~]# cat /etc/*release
> CentOS Linux release 7.2.1511 (Core)
>
> Not fully updated but that is planned.
>
> [root@freeipa03 ~]# yum list installed | grep ipa
> ipa-admintools.x86_64        4.2.0-15.0.1.el7.centos.19   @updates
> ipa-client.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
> ipa-python.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
> ipa-server.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
> ipa-server-dns.x86_64        4.2.0-15.0.1.el7.centos.19   @updates
> libipa_hbac.x86_64           1.13.0-40.el7_2.12           @updates
> python-iniparse.noarch       0.4-9.el7                    @anaconda
> python-libipa_hbac.x86_64    1.13.0-40.el7_2.12           @updates
> sssd-ipa.x86_64              1.13.0-40.el7_2.12           @updates
>
> We are using FreeIPA to authenticate laptops/users, that works great.
> Thank you for making that possible!
>
> Now I bought some Linksys access points and installed Openwrt on them.
> Next I'm following the second part of this wiki:
>
> https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
>
> starting from : install, configure and test RADIUS server as a frontend to
> IPA.
>
> That works great, up to the point where I can do the radtest:
>
> [root@freeipa03 ~]# radtest test password123 192.168.250.12 1812 testing1234
> Sending Access-Request Id 26 from 0.0.0.0:44889 to 192.168.250.12:1812
>     User-Name = 'test'
>     User-Password = 'password123'
>     NAS-IP-Address = 192.168.250.12
>     NAS-Port = 1812
>     Message-Authenticator = 0x00
> Received Access-Accept Id 26 from 192.168.250.12:1812 to 192.168.250.12:44889 length 20
>
> where user test is in freeipa and 192.168.250.12 is the vpn address of
> the ipa server.
>
> My question now is: is it possible to have users connect with the
> Linksys/Openwrt access point using username/password from FreeIPA?
> So far I'm not getting past EM:
>
> Error: Ignoring request to auth address * port 1812 as server default from unknown client 10.10.20.117 port 55421 proto udp
>
> where 10.10.20.117 is the Openwrt access point.
>
> I added the access point to /etc/radddb/client.conf in a number of ways,
> but nothing changes. Now I'm thinking, because Freeradius now reads from
> FreeIPA,
> it doesn't recognize the access point.
>
> Thanks for any advice.
>
> greetings, J.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
[Freeipa-users] Openwrt-Freeradius-FreeIPA
Hello All,

I have sent the same mail a few days ago, but I think it ended up in spam...

We have FreeIPA running on Centos7
[root@freeipa03 ~]# cat /etc/*release
CentOS Linux release 7.2.1511 (Core)

Not fully updated but that is planned.

[root@freeipa03 ~]# yum list installed | grep ipa
ipa-admintools.x86_64        4.2.0-15.0.1.el7.centos.19   @updates
ipa-client.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
ipa-python.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
ipa-server.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
ipa-server-dns.x86_64        4.2.0-15.0.1.el7.centos.19   @updates
libipa_hbac.x86_64           1.13.0-40.el7_2.12           @updates
python-iniparse.noarch       0.4-9.el7                    @anaconda
python-libipa_hbac.x86_64    1.13.0-40.el7_2.12           @updates
sssd-ipa.x86_64              1.13.0-40.el7_2.12           @updates

We are using FreeIPA to authenticate laptops/users, that works great.
Thank you for making that possible!

Now I bought some Linksys access points and installed Openwrt on them.
Next I'm following the second part of this wiki:

https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7

starting from : install, configure and test RADIUS server as a frontend to IPA.

That works great, up to the point where I can do the radtest:

[root@freeipa03 ~]# radtest test password123 192.168.250.12 1812 testing1234
Sending Access-Request Id 26 from 0.0.0.0:44889 to 192.168.250.12:1812
    User-Name = 'test'
    User-Password = 'password123'
    NAS-IP-Address = 192.168.250.12
    NAS-Port = 1812
    Message-Authenticator = 0x00
Received Access-Accept Id 26 from 192.168.250.12:1812 to 192.168.250.12:44889 length 20

where user test is in freeipa and 192.168.250.12 is the vpn address of the ipa server.

My question now is: is it possible to have users connect with the Linksys/Openwrt access point using username/password from FreeIPA?
So far I'm not getting past EM:

Error: Ignoring request to auth address * port 1812 as server default from unknown client 10.10.20.117 port 55421 proto udp

where 10.10.20.117 is the Openwrt access point.

I added the access point to /etc/radddb/client.conf in a number of ways, but nothing changes. Now I'm thinking, because Freeradius now reads from FreeIPA, it doesn't recognize the access point.

Thanks for any advice.

greetings, J.
[Freeipa-users] Openwrt-Freeradius-FreeIPA
Hello All,

We have FreeIPA running on Centos7
[root@freeipa03 ~]# cat /etc/*release
CentOS Linux release 7.2.1511 (Core)

Not fully updated but that is planned.

[root@freeipa03 ~]# yum list installed | grep ipa
ipa-admintools.x86_64        4.2.0-15.0.1.el7.centos.19   @updates
ipa-client.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
ipa-python.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
ipa-server.x86_64            4.2.0-15.0.1.el7.centos.19   @updates
ipa-server-dns.x86_64        4.2.0-15.0.1.el7.centos.19   @updates
libipa_hbac.x86_64           1.13.0-40.el7_2.12           @updates
python-iniparse.noarch       0.4-9.el7                    @anaconda
python-libipa_hbac.x86_64    1.13.0-40.el7_2.12           @updates
sssd-ipa.x86_64              1.13.0-40.el7_2.12           @updates

We are using FreeIPA to authenticate laptops/users, that works great.
Thank you for making that possible!

Now I bought some Linksys access points and installed Openwrt on them.
Next I'm following the second part of this wiki:

https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7

starting from : install, configure and test RADIUS server as a frontend to IPA.

That works great, up to the point where I can do the radtest:

[root@freeipa03 ~]# radtest test password123 192.168.250.12 1812 testing1234
Sending Access-Request Id 26 from 0.0.0.0:44889 to 192.168.250.12:1812
    User-Name = 'test'
    User-Password = 'password123'
    NAS-IP-Address = 192.168.250.12
    NAS-Port = 1812
    Message-Authenticator = 0x00
Received Access-Accept Id 26 from 192.168.250.12:1812 to 192.168.250.12:44889 length 20

where user test is in freeipa and 192.168.250.12 is the vpn address of the ipa server.

My question now is: is it possible to have users connect with the Linksys/Openwrt access point using username/password from FreeIPA?
So far I'm not getting past EM:

Error: Ignoring request to auth address * port 1812 as server default from unknown client 10.10.20.117 port 55421 proto udp

where 10.10.20.117 is the Openwrt access point.

I added the access point to /etc/radddb/client.conf in a number of ways, but nothing changes. Now I'm thinking, because Freeradius now reads from FreeIPA, it doesn't recognize the access point.

Thanks for any advice.

greetings, J.
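
Added example, not part of the original thread or of the FreeRADIUS/FreeIPA projects: FreeRADIUS logs "unknown client" when the source address of a request matches no client definition it has loaded, so this sketch pulls the address out of the quoted log line and checks it against clients.conf-style stanzas. The sample configuration, client names, secrets and helper function names are constructed for illustration, and the parser is simplified (one ipaddr/ipv4addr per stanza, no nested sections).

```python
import ipaddress
import re

# Constructed sample in clients.conf syntax; names and secrets are placeholders.
SAMPLE_CLIENTS_CONF = """
client localhost {
    ipaddr = 127.0.0.1
    secret = EXAMPLE-SECRET-1
}
# client disabled_aps {
#     ipaddr = 10.10.20.0/24
# }
client vpn_self {
    ipaddr = 192.168.250.12
    secret = EXAMPLE-SECRET-2
}
"""
# Hypothetical stanza for the access point address named in the post.
AP_STANZA = """
client openwrt_ap {
    ipaddr = 10.10.20.117
    secret = EXAMPLE-SECRET-3
}
"""
# Log line as quoted in the post.
LOG_LINE = ("Error: Ignoring request to auth address * port 1812 as server "
            "default from unknown client 10.10.20.117 port 55421 proto udp")
CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
IPADDR_RE = re.compile(r"^\s*(?:ipaddr|ipv4addr)\s*=\s*(\S+)", re.M)
UNKNOWN_RE = re.compile(r"from unknown client (\S+) port \d+")

def parse_clients(conf_text):
    """Return {client_name: ip_network} for each uncommented client stanza."""
    text = re.sub(r"#.*", "", conf_text)  # commented-out stanzas do not count
    clients = {}
    for name, body in CLIENT_RE.findall(text):
        m = IPADDR_RE.search(body)
        if m:  # stanzas without an address line are skipped
            clients[name] = ipaddress.ip_network(m.group(1), strict=False)
    return clients

def unknown_client_ip(log_line):
    """Extract the source address from an 'unknown client' log line."""
    m = UNKNOWN_RE.search(log_line)
    return ipaddress.ip_address(m.group(1)) if m else None

def matching_clients(conf_text, ip):
    """Names of client stanzas whose address or subnet covers the source IP."""
    return [n for n, net in parse_clients(conf_text).items() if ip in net]
```

With the constructed sample, the radtest source (192.168.250.12) matches a stanza while 10.10.20.117 matches none until a stanza covering it is present. `radiusd -X` prints the configuration files the server actually reads, which is the text to feed to `parse_clients`.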