Hi I have setup the freeradius as in the single LDAP freeipa.

Should I stll need add the address to this field ? what is the user attribute?



2018-02-09 16:44 GMT+08:00 Alexander Bokovoy <abokovoy@redhat.com>:
On Fri, 09 Feb 2018, barrykfl--- via FreeIPA-users wrote:
Hi: all

I m reading this :

http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html

It need create a service ac under

radius/host.ipa.example.net.au@IPA.EXAMPLE.NET.AU,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -

BUt which file ldif I should point to ? or just ignore use anther
paratemeter
ldapmodify -f <path/to/ldif>  or ldapmodify -x -D ..??

THX



dn: krbprincipalname=radius/host.ipa.example.net.au@IPA.EXAMPLE.NET.AU,cn=
services,\
cn=accounts,dc=ipa,dc=example,dc=net,dc=au
changetype: modify
add: objectClass
objectClass: simpleSecurityObject
-
add: userPassword
userPassword: <The service account password>

ldapmodify -f <path/to/ldif> -D 'cn=Directory Manager' -W -H ldap://host.ipa
.example.net.au -Z
ldapwhoami -Z -D 'krbprincipalname=radius/
host.ipa.example.net.au@IPA.EXAMPLE.NET.AU,\
cn=services,cn=accounts,dc=ipa,dc=example,dc=net,dc=au' -
Don't use that. It is a normal IPA service, so it should be created
using IPA tools:

ipa service-add radius/host.ipa.example.net.au


--
/ Alexander Bokovoy