Freeradius w/ FreeIPA and DUO 2FA

Adam Bishop Adam.Bishop at
Thu Jul 25 14:41:45 CEST 2019

On 25 Jul 2019, at 00:59, Andrew Meyer via Freeradius-Users <freeradius-users at> wrote:
> I need some guidance on my setup.  I currently have a FreeIPA intallation setup as my LDAP database.  Currently I am trying to test using a 3rd party 2FA with it.   Currently I have FreeRADIUS setup on a server and connected to FreeIPA.  My question is, would I set this up similar to the way I would if it were a doing Wireless authentication?
> In other words would I set up FreeRADIUS with EAP-TTLS?
> I am following this - Using FreeIPA and FreeRadius as a RADIUS based software token OTP system with CentOS/RedHat 7 - FreeIPA

IIRC, FreeIPA when configured to use an external authenticator, only supports the use of that authenticator using Kerberos, not LDAP.

"	• Note that this applies for kerberos authentications only. When using RADIUS mode, LDAP binds will still require the single factor configured for the user in LDAP and will not reference the RADIUS second factor at all."

You may have some luck using rlm_krb5.

Adam Bishop

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  

More information about the Freeradius-Users mailing list