Freeradius and IPA possible
Jostein Fossheim
jfossheim at skyfritt.net
Wed Apr 30 15:08:58 UTC 2025
Ville Leinonen:
We where hoping to contribute some upgraded documentaion, connected to schema-upgrade for dictionary attriubutes and hunt groups, but haven’t found time to produce anything usefull yet.
You find several guides just by googling that covers the basics, and the information given by Alan should get you a long way.
There might be some contrainuitive things to figure out, when it comes to ACLs in the ldap tree, so it all depends how fluent you are in working with ldap.
--
Jostein Fossheim
> On 30 Apr 2025, at 16:57, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Apr 30, 2025, at 10:09 AM, Ville Leinonen via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> I installed FreeRadius version 3.0.21 with ldap and krb modules and installed IPA server version 4.12.2. I would now like to use IPA as a backend server and authenticate my remote users using radius.
>
> You should upgrade to 3.0.27, but OK.
>
>> I would like to ask if this is possible and if there are any instructions on how to do it.
>
> IPA is just an LDAP database. You should:
>
> * configure mods-available/ldap
>
> It has instructions for testing with an ldapsearch command line tool.
>
> * link mods-enabled/ldap --> mods-available/ldap
>
> * start the server in debug mode
>
> * use radtest to send a request with a name / password.
>
> * Verify that the server receives the packets && checks ldap
>
> * see that an Access-Accept is returned.
>
> It's really quite simple. The hardest part is configuring the ldap module. And the file mods-available/ldap detailed instructions.
>
> And, as always, run the server in debug mode when you need to debug the server.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list