Hi,

I would like to use FreeRADIUS on either Debian or FreeBSD stable for VPN user authentication. Authentication should be based on the following information:

a) username+MIT Kerberos password
b) MAC address of the machine
c) OTP generated by e.g. a Yubikey device
d) (possibly) a client certificate or a public/private key pair (either created by SSH or GPG)

(The combination of b) and d) would uniquely identify the machine; the combination of a) and c) would uniquely identify the user.)

I would like to store this information in an LDAP DIT (served by OpenLDAP). Up to now, I've only used OpenLDAP for POSIX+Samba account info and MIT Kerberos related data.

My questions are:

- Is there any current documentation for such a (or a quite similar) scenario?

  Up to now, one documentation I found was

  http://vuksan.com/linux/dot1x/802-1x-LDAP.html

  but this one is related to MAC authentication for WLAN setups

- Are there any web frontends and/or GUI frontends offering support for the RADIUS schema?

Thanks in advance for any info and kind regards,

 Holger