802.1x & kerberos

Lisa Besko besko at msu.edu
Thu Oct 11 15:43:32 CEST 2007


It works w/o EAP.  I can do a radtest with a valid userid and password 
on the kerberos server and get authorized (and not get authorized with 
bad information).

I can get EAP-TTLS to work if I put a user and a password in the radius 
users file but that's not what we want.  We need the kerberos piece to 
work.  I'd be happy to send some config files along if that would help. 
  I feel like I'm missing something small that's so obvious no one has 
thought to document it.

We can get various parts working at any given moment with kerberos but 
we can't get it all working.

Thanks,

LB

tnt at kalik.co.yu wrote:
> It should be. Use EAP-TTLS/PAP and configure kerberos module in
> radiusd.conf:
> 
> http://wiki.freeradius.org/index.php/Rlm_krb5
> 
> Make sure that it works without EAP first.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 10/10/2007, "Lisa Besko" <besko at msu.edu> piše:
> 
>> Is there a way to do 802.1x with Kerberos authentication using Freeradius?
>>
>> If their is can anyone point me in the right direction?
>>
>> We have been trying eap-ttls most recently with very little luck but
>> everything I have read says this should be possible.  What are we missing?



More information about the Freeradius-Users mailing list