freradius and krb5 interaction

[Geoff Silver]

I haven't tried rlm_krb5, but I've done a lot of kerberos management, so 
maybe I can help.  If there are any kerberos-specific parameters that 
rlm_krb5 needs, someone else might be able to shed light on them for you.

I presume kerberos is working on this system otherwise (eg. you can ssh 
or telnet -ax into this system)?  I know Sun's kerberos packages look 
for /etc/krb5/krb5.keytab and /etc/krb5/krb5.conf, so if you're using 
Solaris, make sure those files are symlinked.  Verify 'klist -k' shows 
the same keytab version number (KVNO) as your KDC, since creating a new 
keytab will wipe out the old one.  Other than that, run radiusd under 
strace and check to see what keytab file rlm_krb5 is actually trying to 
open and what the error is.

Riccardo.Veraldi wrote:
>
> Hello,
> I am using freeradius with EAP-TTLS + kereros authentication + ldap 
> authorization.
> Everyhtign works but I have this error:
>
> rlm_krb5: verify_krb_v5_tgt: host key not found : key table erntry not 
> found
>
> I checked and the permissions on /etc/krb5.keytab are correct...
>
> anyone has a hint for me ?
>
> thanks
> Rick
>
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html