FreeRadius 1.1.4 and rlm_krb5 and Active Directory

Kozlov Artem cl_5 at mail.ru
Wed Feb 28 14:30:39 CET 2007 

 
 Hi!
 
 I'm trying to configure freeradius with rlm_krb5 using mini howto from Enrik Berkhan http://archives.free.net.ph/message/20060104.153134.68c5be76.en.html
 , but i have some troubles.
 
 when i type 
 radtest user at office.ru userpass localhost 10 testing123
 
 i got:
 
 Sending Access-Request of id 145 to 127.0.0.1 port 1812
         User-Name = "user at office.ru"
         User-Password = "userpass"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 10
 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=145, length=20
 
 and radius log:
 
 Nothing to do.  Sleeping until we see a request.
 rad_recv: Access-Request packet from host 127.0.0.1:53441, id=145, length=105
         User-Name = "user at office.ru"
         User-Password = "userpass"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 10
   Processing the authorize section of radiusd.conf
  modcall: entering group authorize for request 3
   modcall[authorize]: module "preprocess" returns ok for request 3
   modcall[authorize]: module "chap" returns noop for request 3
   modcall[authorize]: module "mschap" returns noop for request 3
     rlm_realm: Looking up realm "office.ru" for User-Name = "user at office.ru"
     rlm_realm: No such realm "office.ru"
   modcall[authorize]: module "suffix" returns noop for request 3
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module "eap" returns noop for request 3
     users: Matched entry DEFAULT at line 152
   modcall[authorize]: module "files" returns ok for request 3
 rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
   modcall[authorize]: module "pap" returns noop for request 3
 modcall: leaving group authorize (returns ok) for request 3
   rad_check_password:  Found Auth-Type krb
 auth: type "krb"
   Processing the authenticate section of radiusd.conf
 modcall: entering group krb for request 3
 rlm_krb5: Parsed name is: user at office.ru 
 rlm_krb5: failed verify_user: Unknown error -1765328343 (user at office.ru )
   modcall[authenticate]: module "krb5" returns reject for request 3
 modcall: leaving group krb (returns reject) for request 3
 auth: Failed to validate the user.
 Login incorrect: [user at office.ru/userpass] (from client localhost port 10)
 Delaying request 3 for 1 seconds
 Finished request 3
 Going to the next request
 --- Walking the entire request list ---
 Waking up in 1 seconds...
 --- Walking the entire request list ---
 Sending Access-Reject of id 145 to 127.0.0.1 port 53441
 Waking up in 4 seconds...
 --- Walking the entire request list ---
 Cleaning up request 3 ID 145 with timestamp 45e576ce
 
 Somebody has experience of such adjustment?

More information about the Freeradius-Users mailing list