Freeradius w/ FreeIPA and DUO 2FA
I need some guidance on my setup. I currently have a FreeIPA intallation setup as my LDAP database. Currently I am trying to test using a 3rd party 2FA with it. Currently I have FreeRADIUS setup on a server and connected to FreeIPA. My question is, would I set this up similar to the way I would if it were a doing Wireless authentication? In other words would I set up FreeRADIUS with EAP-TTLS? I am following this - Using FreeIPA and FreeRadius as a RADIUS based software token OTP system with CentOS/RedHat 7 - FreeIPA | | | | | | | | | | | Using FreeIPA and FreeRadius as a RADIUS based software token OTP system... | | |
On Jul 24, 2019, at 7:59 PM, Andrew Meyer via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I need some guidance on my setup. I currently have a FreeIPA intallation setup as my LDAP database. Currently I am trying to test using a 3rd party 2FA with it. Currently I have FreeRADIUS setup on a server and connected to FreeIPA. My question is, would I set this up similar to the way I would if it were a doing Wireless authentication? In other words would I set up FreeRADIUS with EAP-TTLS?
Probably not. The authentication protocol is generally independent of 2FA.
I am following this - Using FreeIPA and FreeRadius as a RADIUS based software token OTP system with CentOS/RedHat 7 - FreeIPA
What is that? Do you have *specific* questions about what's going wrong? What third party are you using? What 2FA are you using? Your question is largely content-free. "I tried to use a bunch of acronyms. How should I do that?" Ask questions with content. Alan DeKok.
Hello All He speak about : https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_... Bien à vous Karim Le jeu. 25 juil. 2019 à 14:09, Alan DeKok <aland@deployingradius.com> a écrit :
On Jul 24, 2019, at 7:59 PM, Andrew Meyer via Freeradius-Users < freeradius-users@lists.freeradius.org> wrote:
I need some guidance on my setup. I currently have a FreeIPA
intallation setup as my LDAP database. Currently I am trying to test using a 3rd party 2FA with it. Currently I have FreeRADIUS setup on a server and connected to FreeIPA. My question is, would I set this up similar to the way I would if it were a doing Wireless authentication?
In other words would I set up FreeRADIUS with EAP-TTLS?
Probably not. The authentication protocol is generally independent of 2FA.
I am following this - Using FreeIPA and FreeRadius as a RADIUS based software token OTP system with CentOS/RedHat 7 - FreeIPA
What is that?
Do you have *specific* questions about what's going wrong?
What third party are you using? What 2FA are you using?
Your question is largely content-free. "I tried to use a bunch of acronyms. How should I do that?"
Ask questions with content.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 25 Jul 2019, at 00:59, Andrew Meyer via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I need some guidance on my setup. I currently have a FreeIPA intallation setup as my LDAP database. Currently I am trying to test using a 3rd party 2FA with it. Currently I have FreeRADIUS setup on a server and connected to FreeIPA. My question is, would I set this up similar to the way I would if it were a doing Wireless authentication? In other words would I set up FreeRADIUS with EAP-TTLS? I am following this - Using FreeIPA and FreeRadius as a RADIUS based software token OTP system with CentOS/RedHat 7 - FreeIPA
IIRC, FreeIPA when configured to use an external authenticator, only supports the use of that authenticator using Kerberos, not LDAP. " • Note that this applies for kerberos authentications only. When using RADIUS mode, LDAP binds will still require the single factor configured for the user in LDAP and will not reference the RADIUS second factor at all." You may have some luck using rlm_krb5. Adam Bishop jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800. Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
participants (4)
-
Adam Bishop -
Alan DeKok -
Andrew Meyer -
Karim Bourenane