Running PrivacyIDEA with FreeIPA

For quite some time I have been using FreeIPA to manage 2FA tokens (TOTP, Yubikey, SMS/eMail). As part of my MacOS Server Migration series and moving my OpenDirectory / Authentication services to FreeIPA, I also had to move PrivacyIDEA from my legacy MacOS Server and decided to move it to the FreeIPA server to have all authentication services on the same host. I am aware that FreeIPA also has OTP support built-in, but as that only supports TOTP tokens, this did not suit my needs.

This post describes how to get this working without interfering with the FreeIPA web interface/services. This turned out to be a bit tricky, as it requires additional rights to be granted to work under SELinux.

Update 2019-09-18: added how to migrate an existing PrivacyIDEA instance.


MacOS Server Replacement #4 – Moving (Free)Radius to FreeIPA

After migrating OpenDirectory (LDAP) to FreeIPA, the next step in my MacOS Server replacement is to migrate the (Free)Radius service as well, so that FreeIPA becomes the single authentication source within my network like the MacOS Server has been for years. There are several online guides available describing how to set up FreeRadius on FreeIPA, also on the FreeIPA HowTo list, though as I ended up using fragments of multiple guides to install and configure FreeRadius on FreeIPA with LDAP and MSCHAPv2 support (needed for EAP and other mechanisms), I wrote this post as a single step-by-step guide.


Manage devices with legacy Firefox versions on MacOS

I still have a few old web-managed devices of which the web UI does not work (correctly) with modern browser versions. I found out that they worked fine with Firefox 17.0.9esr (yes, I know that is really old) and for quite a while I kept an outdated VM available to manage them. Since the OS that it runs on is now also way beyond EOL, I worked out a way to use older versions of the Firefox browser (as they keep a great archive of their historic versions).

Yes, one shouldn’t use obsolete browser versions as it is not safe for normal browsing, but accessing a web interface of an internal device (that otherwise can’t be managed) should be safe enough as long as one doesn’t visit other sites. In this post I will describe how I set this up and also how I ensured that the browser would not conflict with a regular installation of the Firefox browser.
