Freeradius and IPA possible

Ville Leinonen ville at leinonen.org
Wed Apr 30 15:23:39 UTC 2025 

Hi,

Thank you for the replies. I will try to upgrade 3.0.27 (I assume that 
there is some fixes is ldap part + security fixes) and check what is 
says.
I have already got ldap working, so it founds user, but there is 
something wrong after that.

Regards,

Ville

On 30.04.2025 18:08, Jostein Fossheim via Freeradius-Users wrote:
> Ville Leinonen:
> 
> We where hoping to contribute some upgraded documentaion, connected to 
> schema-upgrade for dictionary attriubutes and hunt groups, but haven’t 
> found time to produce anything usefull yet.
> 
> You find several guides just by googling that covers the basics, and 
> the information given by Alan should get you a long way.
> 
> There might be some contrainuitive things to figure out, when it comes 
> to ACLs in the ldap tree, so it all depends how fluent you are in 
> working with ldap.
> --
> Jostein Fossheim
> 
> 
>> On 30 Apr 2025, at 16:57, Alan DeKok <aland at deployingradius.com> 
>> wrote:
>> 
>> On Apr 30, 2025, at 10:09 AM, Ville Leinonen via Freeradius-Users 
>> <freeradius-users at lists.freeradius.org> wrote:
>>> I installed FreeRadius version 3.0.21 with ldap and krb modules and 
>>> installed IPA server version 4.12.2. I would now like to use IPA as a 
>>> backend server and authenticate my remote users using radius.
>> 
>>  You should upgrade to 3.0.27, but OK.
>> 
>>> I would like to ask if this is possible and if there are any 
>>> instructions on how to do it.
>> 
>>  IPA is just an LDAP database.  You should:
>> 
>> * configure mods-available/ldap
>> 
>>  It has instructions for testing with an ldapsearch command line tool.
>> 
>> * link mods-enabled/ldap --> mods-available/ldap
>> 
>> * start the server in debug mode
>> 
>> * use radtest to send a request with a name / password.
>> 
>> * Verify that the server receives the packets && checks ldap
>> 
>> * see that an Access-Accept is returned.
>> 
>>  It's really quite simple.  The hardest part is configuring the ldap 
>> module.  And the file mods-available/ldap detailed instructions.
>> 
>>  And, as always, run the server in debug mode when you need to debug 
>> the server.
>> 
>>  Alan DeKok.
>> 
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list