Dear Community,
First of all, thank you for the great development work! As the subject says, I am trying to connect a RADIUS server which is on my Cisco ISE. I want to use MSCHAPv2 for authentication.
But I can't find a real manual on how to connect a RADIUS server with FreeIPA, just the FreeRADIUS manuals, which I can't apply to my setup. Do you have a manual on setting up FreeIPA to use RADIUS?
I already ran ipa-adtrust-install and added the RADIUS server (ISE) by FQDN with the commands: ipa service-add 'radius/FQDN' and ipa service-add-host --hosts=FQDN radius/FQDN and ipa role-add-member --hosts=FQDN
But I think this is not all I have to do in order to work with the RADIUS server. My question is also: do I have to create a keytab from my RADIUS server (ISE) and put it on IPA? Something like what is shown in this guide? http://ilcofon.net/index.php/2018/01/05/wifi-authenticate-with-radius-and-fr... ipa-getkeytab -p 'radius/FQDN-RADIUS' -s FQDN-IPA -k /root/radius.keytab
(By the way: sorry for my bad English, I hope you can read it.)
Thanks in advance!
Best Regards Nikolaos Hatzepanagiotides
Hi Niko,
here is a nice howto for FR: https://firstyear.id.au/blog/html/2016/01/13/FreeRADIUS:_Using_mschapv2_with...
maybe it helps you...
cheers, --- Ernedin ZAJKO ezajko@root.ba
340282366920938463463374607431768211456
On Thu, Dec 13, 2018 at 10:55 AM Nikolaos Hatzepanagiotides via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
> Dear Community,
> First of all, thank you for the great development work! As the subject says, I am trying to connect a RADIUS server which is on my Cisco ISE. I want to use MSCHAPv2 for authentication.
> But I can't find a real manual on how to connect a RADIUS server with FreeIPA, just the FreeRADIUS manuals, which I can't apply to my setup. Do you have a manual on setting up FreeIPA to use RADIUS?
> I already ran ipa-adtrust-install and added the RADIUS server (ISE) by FQDN with the commands: ipa service-add 'radius/FQDN' and ipa service-add-host --hosts=FQDN radius/FQDN and ipa role-add-member --hosts=FQDN
> But I think this is not all I have to do in order to work with the RADIUS server. My question is also: do I have to create a keytab from my RADIUS server (ISE) and put it on IPA? Something like what is shown in this guide? http://ilcofon.net/index.php/2018/01/05/wifi-authenticate-with-radius-and-fr... ipa-getkeytab -p 'radius/FQDN-RADIUS' -s FQDN-IPA -k /root/radius.keytab
> (By the way: sorry for my bad English, I hope you can read it.)
> Thanks in advance!
> Best Regards Nikolaos Hatzepanagiotides
I used the above guide when I set it up in our environment and it works great. The only minor inconvenience is that existing users have to reset their password to generate an nthash before they can log in with RADIUS.
You may also find this mailing list discussion helpful when it comes to setting up group-based authentication. http://lists.freeradius.org/pipermail/freeradius-users/2016-December/085977....
Hello Ernedin,
thank you very much for your help! I will follow the guide and will tell you if it worked :)