Revisions
        tiran revised this gist Nov 6, 2016 . 1 changed file with 9 additions and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -18,4 +18,12 @@ ldap server = 'LDAP HOSTNAME' ldap base_dn = 'cn=accounts,dc=example,dc=org' ldpa sasl mech = 'GSSAPI' ldpa sasl realm = 'YOUR REALM' ldap sasl update control:NT-Password := 'ipaNTHash' # certs mv /etc/raddb/certs /etc/raddb/certs.bak mkdir /etc/raddb/certs openssl dhparam 2048 -out /etc/raddb/certs/dh ipa-getcert request -w -k /etc/pki/tls/private/radius.key -f /etc/pki/tls/certs/radius.pem -T caIPAserviceCert -C 'systemctl restart radiusd.service' -N HOSTNAME -D HOSTNAME -K radius/HOSTNAME 
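Review bot: The private key that `ipa-getcert request -k /etc/pki/tls/private/radius.key` writes will be owned by root with certmonger's default mode, and radiusd drops to the radiusd user after start-up, so the restart triggered by `-C 'systemctl restart radiusd.service'` may come up unable to open the key (depending on the mode of /etc/pki/tls/private as well). certmonger's request takes `-o`/`-m` for the key file's owner and mode — something like `-o root:radiusd -m 0640`, checking whether your version accepts the user:group form — or the chown/chmod can go into the `-C` command; the `dh` file written into the freshly created /etc/raddb/certs has the same problem since the directory and file just get the current umask. `openssl dhparam 2048 -out /etc/raddb/certs/dh` puts the bit count before the options, which newer OpenSSL option parsers reject; `openssl dhparam -out /etc/raddb/certs/dh 2048` works on every version. The hunk does not show mods-available/eap being pointed at the new key/cert paths, so EAP would presumably still reference the files moved to certs.bak — worth a line in the notes if that edit is done elsewhere.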
        tiran revised this gist Nov 5, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -8,7 +8,7 @@ mkdir -p /etc/systemd/system/radiusd.service.d cat > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF [Service] Environment=KRB5_CLIENT_KTNAME=/etc/raddb/radius.keytab ExecStartPre=-/usr/bin/kdestroy -A ExecStopPost=-/usr/bin/kdestroy -A EOF systemctl daemon-reload 
        tiran revised this gist Nov 5, 2016 . 1 changed file with 3 additions and 1 deletion.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,9 +5,11 @@ chmod 640 /etc/raddb/radius.keytab # make radius use the keytab for SASL GSSAPI mkdir -p /etc/systemd/system/radiusd.service.d cat > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF [Service] Environment=KRB5_CLIENT_KTNAME=/etc/raddb/radius.keytab ExecPreStart=-/usr/bin/kdestroy -A ExecStopPost=-/usr/bin/kdestroy -A EOF systemctl daemon-reload 
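Review bot: The added `kdestroy -A` lines run as whatever user systemd executes the unit's commands as; if radiusd.service sets no `User=` (radiusd drops privileges itself on Fedora/RHEL, as far as I can tell), that is root, so every restart wipes root's whole credential cache collection rather than the cache the service's GSSAPI bind actually uses. Pinning the service cache with `Environment=KRB5CCNAME=FILE:/path/to/radius-ccache` (placeholder path, must be writable by the radiusd user) and destroying only that one with `kdestroy -c /path/to/radius-ccache` scopes the cleanup to the service. The leading `-` deliberately ignores a kdestroy failure, which is right when no cache exists yet; a short comment above the heredoc saying so (`# '-' prefix: ignore "no cache" errors on first start`) would stop the next reader from removing it.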
        tiran revised this gist Nov 5, 2016 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -9,6 +9,7 @@ echo > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF [Service] Environment=KRB5_CLIENT_KTNAME=/etc/raddb/radius.keytab EOF systemctl daemon-reload edit /etc/raddb/mods-enabled/ldap ldap server = 'LDAP HOSTNAME' 
        tiran created this gist Nov 5, 2016 .There are no files selected for viewingThis file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,18 @@ # create keytab for radius user ipa-getkeytab -p 'radius/HOSTNAME' -k /etc/raddb/radius.keytab chown root:radiusd /etc/raddb/radius.keytab chmod 640 /etc/raddb/radius.keytab # make radius use the keytab for SASL GSSAPI mkdir -p /etc/systemd/system/radiusd.service.d echo > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF [Service] Environment=KRB5_CLIENT_KTNAME=/etc/raddb/radius.keytab EOF edit /etc/raddb/mods-enabled/ldap ldap server = 'LDAP HOSTNAME' ldap base_dn = 'cn=accounts,dc=example,dc=org' ldpa sasl mech = 'GSSAPI' ldpa sasl realm = 'YOUR REALM' ldap sasl update control:NT-Password := 'ipaNTHash'
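Review bot: `echo > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF` leaves the drop-in holding a single newline, because echo never reads its standard input; the heredoc body is discarded and radiusd never receives KRB5_CLIENT_KTNAME. `cat > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF` writes the intended content, and a `systemctl daemon-reload` afterwards makes the unit pick it up. The two `ldpa sasl ...` lines look like typos for `ldap sasl ...` given the surrounding keys. Mapping `ipaNTHash` into `control:NT-Password` means the radius principal has to be granted read access to password-equivalent hashes in IPA, so the `chown root:radiusd` / `chmod 640` on the keytab above is the control that keeps that access confined to the service account — a comment on the update line noting this dependency would help whoever reuses the recipe.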