Grouping after Kerberos 5 authentication accepted?

Jason Chan jchan2 at utm.utoronto.ca
Thu Apr 19 21:31:43 CEST 2007


I'm using Redhat Enterprise Linux and here are my steps to set up
FreeRadius

1) Make SURE you have installed MIT Kerberos on your linux (krb5
packages)
2) Configure Realm, KDC servers, etc... for your linux
(system-config-authentication for redhat)
3) Install FreeRadius
4) Make SURE you have rlm_krb5 modules in /usr/local/lib
5) Open and edit /usr/local/etc/raddb/radiusd.conf:

	Add the following in modules {...} (around line 580)

	# Kerberos 5 module
	krb5 {
		authtype = Kerberos
	}

	And the following in authenticate {...} (around line 1920)

	Auth-Type Kerberos {
		krb5
	}

	Add the following in users file

	DEFAULT Auth-Type := Kerberos


It should work. If radiusd complains about Pre-Auth failed, then double
check your Linux Kerberos setting.


-----Original Message-----
From: Donny Jekels [mailto:djekels at gmail.com] 
Sent: Thursday, April 19, 2007 3:20 PM
To: jchan2 at utm.utoronto.ca; FreeRadius users mailing list
Subject: Re: Grouping after Kerberos 5 authentication accepted?


I have been following your thread and am interested to find out how do
you get freeradius to do authentication with kerberos?
Any config examples would be helpful.


On 4/18/07, Jason Chan <jchan2 at utm.utoronto.ca> wrote:
Hello,

Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?

My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated, RADIUS will check
and decide if this user can access the switches or particular servers
(i.e. Allow telnet to the switch if the user belongs to the 'switch
administrator' group).

I've looked in the huntgroup file but it seems to require a lot of work
for a very large company (5000+ users), and the problem is we can't
touch the Kerberos server.

Any help would be appreciated. Thank you


Regards,
Jason
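
The three edits listed in step 5 of the reply at the top of this thread only take effect when each one sits in the right section, so here is a small checker for that, as an added example that is not part of the original posts or of FreeRADIUS. The function names, the temporary files and their contents are constructed for illustration, and it assumes section headers are written as `name {` on one line.

```shell
#!/bin/sh
# Added example: verify the three edits from the steps above landed in the
# right sections. File paths are arguments; nothing here is FreeRADIUS code.

# section_has FILE SECTION PATTERN: succeeds if a line matching PATTERN
# (ERE, applied after comment/whitespace cleanup) is inside the top-level
# "SECTION { ... }" block of FILE.
section_has() {
    awk -v sec="$2" -v pat="$3" '
        { sub(/#.*/, ""); gsub(/[ \t]+/, " "); sub(/^ /, "") }
        depth == 0 && $1 == sec && /[{]/ { insec = 1 }
        insec && depth >= 1 && $0 ~ pat  { found = 1 }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
          if (depth == 0) insec = 0 }
        END { exit !found }
    ' "$1"
}

# check_krb5_setup RADIUSD_CONF USERS_FILE: prints what is missing,
# returns 0 only when all three pieces are present.
check_krb5_setup() {
    rc=0
    section_has "$1" modules '^krb5 ?[{]' ||
        { echo "modules{}: krb5 instance missing"; rc=1; }
    section_has "$1" authenticate '^Auth-Type Kerberos ?[{]' ||
        { echo "authenticate{}: Auth-Type Kerberos missing"; rc=1; }
    grep -Eq '^DEFAULT[[:space:]]+Auth-Type[[:space:]]*:=[[:space:]]*Kerberos' "$2" ||
        { echo "users: DEFAULT Auth-Type := Kerberos missing"; rc=1; }
    return "$rc"
}

# Constructed sample files (not from a real install). In bad.conf the krb5
# block was pasted after modules{} closed, so it is not a module instance.
demo=$(mktemp -d)
printf 'modules {\n\tpap {\n\t}\n\tkrb5 {\n\t\tauthtype = Kerberos\n\t}\n}\n' > "$demo/good.conf"
printf 'authenticate {\n\tAuth-Type Kerberos {\n\t\tkrb5\n\t}\n}\n' >> "$demo/good.conf"
printf 'modules {\n\tpap {\n\t}\n}\nkrb5 {\n\tauthtype = Kerberos\n}\n' > "$demo/bad.conf"
printf 'authenticate {\n\tAuth-Type Kerberos {\n\t\tkrb5\n\t}\n}\n' >> "$demo/bad.conf"
printf 'DEFAULT Auth-Type := Kerberos\n' > "$demo/users"

check_krb5_setup "$demo/good.conf" "$demo/users" && echo "good.conf: OK"
check_krb5_setup "$demo/bad.conf"  "$demo/users" || echo "bad.conf: incomplete"
```

Against a real install, pass the paths from the steps above, for example `check_krb5_setup /usr/local/etc/raddb/radiusd.conf /usr/local/etc/raddb/users`.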
