[Freeipa-devel] IPA radius status
John Dennis
jdennis at redhat.com
Thu Oct 25 17:59:15 UTC 2007
Hi Karl:
Real quick, here is my status on the radius work for IPA.
I was not able to do any additional work on radius after last week's
Wednesday call due to other obligations; I was able to get back to it
Tuesday of this week.
My next immediate goal is to get FreeRadius talking to our IPA server to
retrieve user and group radius attributes in LDAP. I had to get an IPA
instance up and running on my system; that is now done (installation of
IPA is still not smooth).
I've had to track down the Radius LDAP schema. It turns out there are 4
or 5 different versions. I've sorted through them and have
picked what I believe is the correct schema. In a moment I expect I'll
have Directory Server loading that schema.
Next I've got to add interfaces to IPA to allow the per user radius
attributes to be set. I believe I've found all the right places in the
IPA source code where these enhancements need to be made and understand
the relevant IPA code.
I've had to go back and hone my understanding of Radius operation as it
was clear there had been some misconceptions and holes in my
understanding; that work is mostly done.
By the end of today I expect to be able to manually manipulate Radius
attributes in LDAP, e.g. manually load the schema, use the ldap* command
line tools and sample LDIF files so I can then verify the Radius server
can access the LDAP attributes.
Tomorrow morning I expect to start adding the necessary IPA code to
support the Radius attributes. I expect that work to be completed by the
end of the day Monday.
On Tuesday I expect to test simple Radius authentication with the Radius
server talking to the IPA LDAP server. After that I will start
configuring and testing the more advanced Radius usage, such as VPN
access and EAP. That phase of the work will probably be at least another
week of work.
--
John Dennis <jdennis at redhat.com>