Jakob Oestergaard <[EMAIL PROTECTED]> wrote: > The kerberos module complained that no "User-Password" was sent, and > therefore it couldn't try authenticating against the kerb. server.
Because: a) the server got EAP, and you told it to do kerberos or b) the tunneled authentication protocol wasn't PAP. > If I ran with Auth-Type = EAP, then the TTLS encapsulated PAP messages > would be decoded correctly and I could see the supplied password in > clear text. So Kerberos should work, then. > If I ran with Auth-Type = Kerberos, only the User-Name would be > decoded, no User-Password. Huh? What do you mean by that? If you can see the clear-text password inside of the tunnel, then kerberos should work. Run it in debugging mode to see what it's doing. NOTHING else will solve the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
