[Freeipa-devel] IPA radius status

[John Dennis]

Hi Karl:

Real quick here is my status on the radius work for IPA.

I was not able to do any additional work on radius after last week's 
Wednesday call due to other obligations, I was able to get back to it 
Tuesday of this week.

My next immediate goal is to get FreeRadius talking to our IPA server to 
retreive user and group radius attributes in LDAP. I had to get a IPA 
instance up and running on my system, that is now done (installation of 
IPA is still not smooth).

I've had to track down the Radius LDAP schema. It turns out there are 4 
or 5 different versions. I've sorted through them and have picked have 
picked what I believe is the correct schema. In a moment I expect I'll 
have Directory Server loading that schema.

Next I've got to add interfaces to IPA to allow the per user radius 
attributes to be set. I believe I've found all the right places in the 
IPA source code where these enhancements need to be made and understand 
the relevant IPA code.

I've had to go back and hone my understanding of Radius operation as it 
was clear there had been some misconceptions and holes in my 
understanding, that work is mostly done.

By the end of today I expect to be able to manually manipulate Radius 
attributes in LDAP, e.g. manually load the schema, use the ldap* command 
line tools and sample LDIF files so I can then verify the Radius server 
can access the LDAP attributes.

Tomorrow morning I expect to start adding the necessary IPA code to 
support the Radius attributes. I expect that work to be completed by the 
end of the day Monday.

On Tuesday I expect to test simple Radius authentication with the Radius 
server talking to the IPA LDAP server. After that I will start 
configuring and testing the more advance Radius usage, such as VPN 
access and EAP. That phase of the work will probably be at least another 
week of work.

-- 
John Dennis <jdennis at redhat.com>