On Wed, 6 Nov 2002, Alan DeKok wrote:

> Brian Johnson <[EMAIL PROTECTED]> wrote:
> > modcall: group authorize returns ok
> >   rad_check_password:  Found Auth-Type Kerberos
> > auth: type "Kerberos"
> > auth: Failed to validate the user.
> 
>   Yup.  The kerberos module returns helpful debugging messages,
> doesn't it?

Heh, yeah, it does seem to be a little vague.... 

> 
> > As always, I'm happy to provide any additional information.
> 
>   A patch to rlm_krb5, so that it takes any return error string/code
> from kerberos, and outputs debug information saying WHY it failed?

Hehe, sadly, at the moment I have no coding abilities and I know enough
about kerberos to be dangerous, so unfortunately I'm definitely the wrong
man for the job.  However, by the time this is said and done, I'll
probably be an expert in kerberos, and then, after I get my butt in gear
and start programming, I'll come back and it'll be the first thing I do
:).

Actually, there is a piece of information I can provide
(and probably should've said in my last post)....unfortunately I'm still
unable to find anything telling me what needs to be added to radiusd.conf
for krb5...I've tried a few guesses (nothing really more than adding krb5
and an open and closed curly bracket following under the 'modules'
section), but unfortunately my lame attempt didn't seem to do much
good.  Here's the information after I start the server:

radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 

No mention of krb in the module section at all.  If someone could point me
in the direction of something that tells what I need to put in
radiusd.conf, I think it'll definitely help, if not solve my problem.  

Thanks!

Brian


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
