Johan Vermeulen
2017-05-05 08:46:15 UTC
Hello All,
We have FreeIPA running on CentOS 7
[***@freeipa03 ~]# cat /etc/*release
CentOS Linux release 7.2.1511 (Core)
Not fully updated but that is planned.
[***@freeipa03 ~]# yum list installed | grep ipa
ipa-admintools.x86_64 4.2.0-15.0.1.el7.centos.19 @updates
ipa-client.x86_64 4.2.0-15.0.1.el7.centos.19 @updates
ipa-python.x86_64 4.2.0-15.0.1.el7.centos.19 @updates
ipa-server.x86_64 4.2.0-15.0.1.el7.centos.19 @updates
ipa-server-dns.x86_64 4.2.0-15.0.1.el7.centos.19 @updates
libipa_hbac.x86_64 1.13.0-40.el7_2.12 @updates
python-iniparse.noarch 0.4-9.el7 @anaconda
python-libipa_hbac.x86_64 1.13.0-40.el7_2.12 @updates
sssd-ipa.x86_64 1.13.0-40.el7_2.12 @updates
We are using FreeIPA to authenticate laptops/users; that works great. Thank
you for making that possible!
Now I bought some Linksys access points and installed OpenWrt on them.
Next I'm following the second part of this wiki:
https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
starting from: install, configure and test RADIUS server as a frontend to
IPA.
That works great, up to the point where I can do the radtest:
[***@freeipa03 ~]# radtest test password123 192.168.250.12 1812 testing1234
Sending Access-Request Id 26 from 0.0.0.0:44889 to 192.168.250.12:1812
User-Name = 'test'
User-Password = 'password123'
NAS-IP-Address = 192.168.250.12
NAS-Port = 1812
Message-Authenticator = 0x00
Received Access-Accept Id 26 from 192.168.250.12:1812 to 192.168.250.12:44889 length 20
where user test is in FreeIPA and 192.168.250.12 is the VPN address of the
IPA server.
My question now is: is it possible to have users connect with the
Linksys/OpenWrt access point using username/password from FreeIPA?
So far I'm not getting past EM:
Error: Ignoring request to auth address * port 1812 as server default from unknown client 10.10.20.117 port 55421 proto udp
where 10.10.20.117 is the OpenWrt access point.
I added the access point to /etc/radddb/client.conf in a number of ways,
but nothing changes. Now I'm thinking, because FreeRADIUS now reads from
FreeIPA, it doesn't recognize the access point.
Thanks for any advice.
greetings, J.
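An added example, not part of the original post: FreeRADIUS logs "unknown client" when the source address of a request matches no client definition, so this Python check takes the error line quoted above and tests it against client blocks in the format FreeRADIUS reads from clients.conf. The configuration text, the client names (vpn-net, openwrt-ap) and the secrets are constructed placeholders, not values from the poster's server.

```python
import ipaddress
import re

# Constructed sample: the post's error line and a hypothetical clients.conf.
LOG_LINE = ("Error: Ignoring request to auth address * port 1812 as server "
            "default from unknown client 10.10.20.117 port 55421 proto udp")
CLIENTS_CONF = """
# client openwrt-ap {
#     ipaddr = 10.10.20.117
#     secret = PLACEHOLDER_SECRET
# }
client vpn-net {
    ipaddr = 192.168.250.0/24
    secret = PLACEHOLDER_SECRET
}
"""

UNKNOWN_RE = re.compile(r"unknown client (\S+) port \d+ proto \w+")
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
ADDR_RE = re.compile(r"^\s*(?:ipaddr|ipv4addr|ipv6addr)\s*=\s*(\S+)", re.M)

def unknown_client(line):
    """Return the source address from an 'unknown client' error, or None."""
    m = UNKNOWN_RE.search(line)
    return ipaddress.ip_address(m.group(1)) if m else None

def client_networks(conf_text):
    """Map each active client block name to the network its address covers."""
    active = "\n".join(l for l in conf_text.splitlines()
                       if not l.lstrip().startswith("#"))
    nets = {}
    for name, body in CLIENT_RE.findall(active):
        m = ADDR_RE.search(body)
        try:
            if m:
                nets[name] = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            pass  # hostname instead of an address: not resolved here
    return nets

def covering_clients(ip, nets):
    """Names of client blocks whose address or prefix contains ip."""
    return [name for name, net in nets.items() if ip in net]

if __name__ == "__main__":
    src = unknown_client(LOG_LINE)
    print(src, covering_clients(src, client_networks(CLIENTS_CONF)))
```

With the sample above the access point's address is covered by no active block, while the address used for the radtest run falls inside vpn-net.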