[Freeipa-users] FreeIPA+FreeRadius+OpenVPN

Ciociu Calin calin at immotop.lu
Tue Jun 21 13:23:19 UTC 2016


Hello everyone,

I recently started using FreeIPA and FreeRadius, so I might still have some misconceptions.

What I am trying to achieve is to have clients use client certificates to log in to OpenVPN using FreeRadius and FreeIPA.
So far clients can connect to OpenVPN (radiusplugin) with FreeRadius (through Kerberos) through FreeIPA using username+password login, which works as intended.

My question now is how would I go about creating client certificates in FreeIPA (created through the web GUI, for example) which clients can use to log in to OpenVPN?
I don’t want them to log in with username+password but rather with certificates which are managed by FreeIPA.

I was looking into EAP-TLS but I am not sure I am on the right path.

OpenVPN is on a separate server running Debian 8.

FreeRadius and FreeIPA are both running on another Debian 8 machine. (they are both on the same machine though)


Is this possible, and if so, how would I have to configure the services, or am I making things more complicated than actually needed?


Sincerely yours,
Calin



