First I was able to authenticate with kinit so I'm pretty sure krb is
working.
Second yes I did do several things that were suggested for enabling krb
and I did back up the original files and it works for the radtest if I
add a user to the users file with a plain text password. Unfortunately
that's not what I need.
I added my client and my secret to clients.conf
I added my realm to proxy.conf
I added my keytab and service principle to modules/krb5
I added
DEFAULT Auth-Type = Kerberos
to the top of my users file
I added
#Kerberos
Auth-Type Kerberos {
krb5
}
Right after the pap entry in my sites-enabled/inner-tunnel file and in
my default file.
I also made sure that my service key tab is readable by freeradius and root.
I fear I have missed something and I'm sure it is something I did not do
correctly but I'm having a hell of a time figuring out what and was
hoping the debug output would help. If you know of something I missed
or would like to point me to better documentation that covers getting
FreeRadius 2 to work with Kerberos I'd be thrilled but so for my digging
at the wiki site and various other locations has came up empty.
And I already looked in the manual under "it doesn't work". I'm
actually kind of concerned about it dying when I try to authenticate.
Radius comes up just fine and runs an waits for request, and then dies
when it goes to kerberos, that can't be good.
LB
On 6/8/2012 12:06 PM, Timmy wrote:
Lisa,
Search in the manual "It doesn't work."
and what did you **do** ?
Timmy
I'm trying to get FreeRadius2 to authenicate with MIT Kerberos. When
radius enters kerberos, it dies with no message. Any suggestions on
where to look for clues?
OS: FreeBSD 9
Radius: FreeRadius 2.1.12
Kerberos: MIT Kbr5 1.9.2
I'm not seeing obvious errors in Debug output.
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Kerberos
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group Kerberos {...}
I have experience configuring FreeRadius the original but was hoping
to move to 2.
LB
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Lisa Besko
IT Services
Wireless Team
Michigan State University
517-432-7317
be...@msu.edu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html