I'm having difficulties getting rlm_krb5 to authenticate to Active
Directory. The AD server is Windows 2003 R2. The freeradius server is
FreeBSD 8.0-RELEASE-p2 with freeradius-2.1.9 and heimdal-1.0.1
installed. The appropriate freeradius heimdal build switches were used
when building all this (built using FreeBSD ports).

I've got the freeradius service principal set up and I've been able to
test it using kinit, klist, etc. This uses, of course, the same keytab
that rlm_krb5 is configured to use.

When I try to test all this in debug mode with radtest I get this:

Found Auth-Type = Kerberos
+- entering group Kerberos {...}
rlm_krb5: Parsed name is: [email protected]
rlm_krb5: failed verify_user: Unknown error -1765328377 ([email protected] )
++[krb5] returns reject

Does anybody have any ideas what I've done wrong or how I can go about
debugging this further?
Thanks
Dave Nelson
Skokie Public Library