Re: FreeRadius2 & Krb

Fri, 08 Jun 2012 09:50:14 -0700

First I was able to authenticate with kinit so I'm pretty sure krb is working.
Second yes I did do several things that were suggested for enabling krb and I did back up the original files and it works for the radtest if I add a user to the users file with a plain text password. Unfortunately that's not what I need. 

I added my client and my secret to clients.conf
I added my realm to proxy.conf
I added my keytab and service principle to  modules/krb5
I added
        DEFAULT Auth-Type = Kerberos
        to the top of my users file
I added
        
#Kerberos
        Auth-Type Kerberos {
          krb5
        }


Right after the pap entry in my sites-enabled/inner-tunnel file and in 
my default file.


I also made sure that my service key tab is readable by freeradius and root.


I fear I have missed something and I'm sure it is something I did not do 
correctly but I'm having a hell of a time figuring out what and was 
hoping the debug output would help.  If you know of something I missed 
or would like to point me to better documentation that covers getting 
FreeRadius 2 to work with Kerberos I'd be thrilled but so for my digging 
at the wiki site and various other locations has came up empty.



And I already looked in the manual under "it doesn't work".  I'm 
actually kind of concerned about it dying when I try to authenticate. 
Radius comes up just fine and runs an waits for request, and then dies 
when it goes to kerberos, that can't be good.


LB

On 6/8/2012 12:06 PM, Timmy wrote:

Lisa,
Search in the manual "It doesn't work."

and what did you **do** ?

Timmy


I'm trying to get FreeRadius2 to authenicate with MIT Kerberos. When
radius enters kerberos, it dies with no message. Any suggestions on
where to look for clues?

OS: FreeBSD 9
Radius: FreeRadius 2.1.12
Kerberos: MIT Kbr5 1.9.2

I'm not seeing obvious errors in Debug output.

[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Kerberos
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group Kerberos {...}


I have experience configuring FreeRadius the original but was hoping
to move to 2.

LB
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Lisa Besko
IT Services
Wireless Team
Michigan State University
517-432-7317
be...@msu.edu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to