On Mon, Sep 02, 2013 at 04:23:52PM +0200, Wolfgang Schweer wrote: > On Mon, Sep 02, 2013 at 01:53:37PM +0200, Giorgio Pioda wrote: > > > > I'm getting crazy about setting up freeradius for wifi login. > > > > I've followed Wolfgang's tip in the german user group. > > I've posted that in English, too: > > http://lists.debian.org/debian-edu/2012/12/msg00057.html > > > 1) I've set the principal as radius/tjener.intern@INTERN > > 2) The keytab /etc/krb5.keytab.radius with user and group freerad 0600 > > and added the key > > > > 3) Conf. according Wolfgang. Still I get strange errors > > in debug mode. Freeradius complains about missing REALM, but either > > using username or username@INTERN the result is the same error. > > > > 4) About the client setup (network manager). PEAP external is correct, > > or I have to choose TLS or other options? > > On the client use EAP-TTLS-PAP, PEAP won't work. > > Good luck. (ATM, I can't test this setup for wheezy...) > > Wolfgang >
Thanks, Wolfgang It's not a language matter since I'm swiss. The two instructions are pretty similar, out of the preprocess stuff. What I see in the debug mode is the following error "krb5_rd_req() failed: Permission denied in replay cache code" searching around I've found similar problem related with selinux on fedora machines. AFAIK selinux is NOT active by default in debian, so I guess the problem should be elsewhere. I have to add to this report, that testing the login with radtest I see that using it with passwd that contains special character (like $ # or other symbols) the output in the line "User-Password" is wrong. Any idea is wellcome, of course. Regards -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
