[Freeipa-users] Openwrt-Freeradius-FreeIPA

Johan Vermeulen jameslast29 at gmail.com
Sun May 7 18:16:00 UTC 2017


Hello All,

I have sent the same mail a few days ago, but I think it ended up in
spam...........

We have FreeIPA running on Centos7
[root@freeipa03 ~]# cat /etc/*release
CentOS Linux release 7.2.1511 (Core)

Not fully updated but that is planned.

[root@freeipa03 ~]# yum list installed | grep ipa
ipa-admintools.x86_64                 4.2.0-15.0.1.el7.centos.19   @updates
ipa-client.x86_64                     4.2.0-15.0.1.el7.centos.19   @updates
ipa-python.x86_64                     4.2.0-15.0.1.el7.centos.19   @updates
ipa-server.x86_64                     4.2.0-15.0.1.el7.centos.19   @updates
ipa-server-dns.x86_64                 4.2.0-15.0.1.el7.centos.19   @updates
libipa_hbac.x86_64                    1.13.0-40.el7_2.12           @updates
python-iniparse.noarch                0.4-9.el7                    @anaconda
python-libipa_hbac.x86_64             1.13.0-40.el7_2.12           @updates
sssd-ipa.x86_64                       1.13.0-40.el7_2.12           @updates

We are using FreeIPA to authenticate laptops/users, that works great. Thank
you for making that possible!

Now I bought some Linksys access points and installed Openwrt on them.
Next I'm following the second part of this wiki:

https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7

starting from : install, configure and test RADIUS server as a frontend to
IPA.

That works great, up to the point where I can do the radtest:

[root@freeipa03 ~]# radtest test password123 192.168.250.12 1812 testing1234
Sending Access-Request Id 26 from 0.0.0.0:44889 to 192.168.250.12:1812
    User-Name = 'test'
    User-Password = 'password123'
    NAS-IP-Address = 192.168.250.12
    NAS-Port = 1812
    Message-Authenticator = 0x00
Received Access-Accept Id 26 from 192.168.250.12:1812 to 192.168.250.12:44889 length 20

where user test is in FreeIPA and 192.168.250.12 is the VPN address of the
IPA server.

My question now is: is it possible to have users connect with the
Linksys/Openwrt access point using username/password from FreeIPA?
So far I'm not getting past EM:

Error: Ignoring request to auth address * port 1812 as server default from unknown client 10.10.20.117 port 55421 proto udp

where 10.10.20.117 is the Openwrt access point.

I added the access point to /etc/radddb/client.conf in a number of ways,
but nothing changes. Now I'm thinking, because Freeradius now reads from
FreeIPA,
it doesn't recognize the access point.

Thanks for any advice.

greetings, J.
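
Added example, not part of the original message: a small check for the "unknown client" error quoted above, which tests whether the source address in the log line is covered by any client block in a FreeRADIUS clients.conf. It assumes FreeRADIUS 3 client-block syntax; the sample configuration and the client names in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration, not taken from the poster's server.
SAMPLE_CLIENTS_CONF = """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing1234
}
client vpn_net {  # hypothetical client name
    ipaddr = 192.168.250.0/24
    secret = testing1234
}
"""

# The log line quoted in the message above.
LOG_LINE = ("Error: Ignoring request to auth address * port 1812 as server "
            "default from unknown client 10.10.20.117 port 55421 proto udp")

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ADDR_RE = re.compile(r"^\s*(?:ipaddr|ipv4addr|ipv6addr)\s*=\s*(\S+)", re.M)

def parse_clients(conf_text):
    """Return {client_name: ip_network} for client blocks with a literal address."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments
    clients = {}
    for name, body in CLIENT_RE.findall(text):
        m = ADDR_RE.search(body)
        if not m:
            continue
        try:
            clients[name] = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            pass  # hostname value: would need DNS resolution, skipped here
    return clients

def unknown_client_ip(log_line):
    """Extract the source address from an 'unknown client' log line."""
    m = re.search(r"unknown client (\S+) port \d+", log_line)
    return ipaddress.ip_address(m.group(1)) if m else None

def matching_clients(conf_text, log_line):
    """Names of client blocks whose address or subnet covers the logged source."""
    src = unknown_client_ip(log_line)
    if src is None:
        return []
    return [n for n, net in parse_clients(conf_text).items() if src in net]

print(matching_clients(SAMPLE_CLIENTS_CONF, LOG_LINE) or "no client block covers this address")
```

An empty result means the server has no client definition for the address the request actually arrives from; FreeRADIUS reads client definitions at startup, so an edited file takes effect only after the server is restarted.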