Simo, thank you for your answer.

FreeRADIUS uses very customized (for complex network ACLs) MySQL schema and network team manages it. Unfortunately, I cannot change FreeRADIUS related infrastructure.

--
Best regards,
Pavel Zhukov
mailto:[email protected]

On Thu, 01 Mar 2012, Simo Sorce wrote:
> On Thu, 2012-03-01 at 16:35 +0400, Pavel Zhukov wrote:
> > Hi all
> > I'm going to deploy "kerberised network" and have some questions.
> > I've deployed FreeIPA server and enrolled hosts, it's OK,
> > I've deployed RHEV and configured FreeIPA as DS, it's OK.
> >
> > FreeRADIUS is used for user login (through Cisco FireWall or Cisco
> > VPN) and contains user database (mysql).
> >
> > Is it possible to integrate FreeRADIUS server and FreeIPA? For
> > security reasons replication of transfer) of passwords is impossible.
> >
> > possible scenario:
> > User tries to access some resource (ssh for example) -> ssh server
> > goes to kerberos (IPA) server -> IPA (LDAP?) goes to RADIUS (using
> > kerberos if possible?) -> krb ticket -> login
>
> No doesn't work this way.
> But you can use LDAP as a backend for FreeRADIUS so that Radius goes to
> FreeIPA to try to authenticate users.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
