[Freeipa-users] freeipa radius cisco
Han Boetes
hboetes at gmail.com
Fri Jan 18 14:31:03 UTC 2013
I've got it running. Of course you shouldn't expect passwordless logins to
work, but it's much better than having everyone know the passwords.
The document that helped me set up the Cisco part was this one:
http://wiki.freeradius.org/vendor/Cisco
And the magic to add to the config files:
In client.conf; somerandompass is also used in the Cisco config.

    client 192.168.2.0/16 {
        secret = somerandompass
        shortname = someshortname
        nastype = cisco
    }

And in the file users; the last line throws users directly to the "root"
shell:

    DEFAULT Auth-Type = Kerberos
        Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15"

Now all I have to figure out is how to set up using eap-tls. The relevant
log-message is:

    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
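
An added example, not part of the original post or of FreeRADIUS: a small Python audit over the two snippets above that reports how wide the client block really is and which users-file entries hand out privilege level 15. The function names and the MAX_CLIENT_HOSTS threshold are assumptions of this example, and it assumes the /16 mask is applied as in standard CIDR arithmetic.

```python
import ipaddress
import re

# Constructed sample input: the two snippets from the post above.
CLIENTS_CONF = """\
client 192.168.2.0/16 {
    secret = somerandompass
    shortname = someshortname
    nastype = cisco
}
"""
USERS = """\
DEFAULT Auth-Type = Kerberos
    Service-Type = NAS-Prompt-User, cisco-avpair = "shell:priv-lvl=15"
"""
MAX_CLIENT_HOSTS = 256  # assumption: flag client blocks wider than a /24


def audit_clients(text):
    """Return findings for each `client <addr> {` block header."""
    findings = []
    for addr in re.findall(r"^\s*client\s+(\S+)\s*\{", text, re.M):
        try:
            net = ipaddress.ip_network(addr, strict=False)  # masks host bits
        except ValueError:
            continue  # client named by hostname: no range to compute
        if "/" in addr and str(net) != addr:
            findings.append(f"{addr}: host bits set, effective range is {net}")
        if net.num_addresses > MAX_CLIENT_HOSTS:
            findings.append(f"{addr}: {net.num_addresses} addresses share one secret")
    return findings


def audit_users(text):
    """Return findings for users-file entries that grant priv-lvl 15."""
    findings, name = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if not line[0].isspace():
            name = line.split()[0]  # an unindented line starts a new entry
        m = re.search(r"shell:priv-lvl=(\d+)", line)
        if m and int(m.group(1)) == 15:
            scope = "every authenticated user" if name == "DEFAULT" else name
            findings.append(f"{name}: priv-lvl=15 granted to {scope}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_clients(CLIENTS_CONF) + audit_users(USERS)))
```
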