I'm using Redhat Enterprise Linux and here is my steps to setup

1) Make SURE you have installed MIT Kerberos on your linux (krb5
2) Configure Realm, KDC servers, etc... for your linux
(system-config-authentication for redhat)
3) Install FreeRadius
4) Make SURE you have rlm_krb5 modules in /usr/local/lib
5) Open and edit /usr/local/etc/raddb/radiusd.conf:

        Add the following in modules {...} (around line 580)

        # Kerbero 5 module
        krb5 {
                authtype = Kerberos

        And the following in authenticate {...} (around line 1920)

        Auth-Type Kerberos {

        Add the following in users file

        DEFAULT Auth-Type := Kerberos

It should work. If radiusd complains about Pre-Auth failed then double
check your Linux Kerberos setting

-----Original Message-----
From: Donny Jekels [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 19, 2007 3:20 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: Grouping after Kerberos 5 authentication accepted?

I have been following your thread and am interrested to find out how do
d you get freeradius to do authentication wiht kerberos?
any config examples would be helpfull.

On 4/18/07, Jason Chan <[EMAIL PROTECTED]> wrote:

Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?

My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated, RADIUS will check

and decide if this user can access the switches or particular servers
(i.e. Allow telnet to the switch if the user belongs to the 'switch
administrator' group).

I've looked in the huntgroup file but it seems to require a lot of works

for a very large company (5000+ users), and the problem is we can't
touch the Kerberos server.

Any help would be appreciated. Thank you


List info/subscribe/unsubscribe? See

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to