Hello,
I have been asked to configure FreeIPA 4.4 servers to handle VPN authentication using a
FreeRADIUS server, with 2FA being generated by a Yubikey given to each user.
The existing radius server configuration uses PAM sssd and yubico modules with a static
file for the Yubikeys, and works with the token appended to the password. The sssd
functions as a user lookup to FreeIPA.
I am hoping to be able to migrate the configuration to use only FreeRADIUS and FreeIPA
with dynamic lookups, but I am not sure where to start.
Is there a recommended method, like using the radius ldap module, to query username,
password, and Yubikey values?
Does anyone have a working implementation of something similar?
Cheers,
Dagan
Show replies by date