Re: 802.1x & kerberos

It works w/o EAP. I can do a radtest with a valid userid and password on the kerberos server and get authorized (and not get authorized with bad information).
I can get EAP-TTLS to work if I put a user and a password in the radius users file but that's not what we want. We need the kerberos piece to work. I'd be happy to send some config files along if that would help. I feel like I'm missing something small that's so obvious no one has thought to document it.
We can get various parts working at any given moment with kerberos but we can't get it all working. 

Thanks,

LB

tnt@kalik.co.yu wrote:

It should be. Use EAP-TTLS/PAP and configure kerberos module in
radiusd.conf:

http://wiki.freeradius.org/index.php/Rlm_krb5

Make sure that it works without EAP first.

Ivan Kalik
Kalik Informatika ISP


Dana 10/10/2007, "Lisa Besko" <besko@msu.edu> piše:


Is there a way to do 802.1x with Kerberos authentication using Freeradius?

If their is can anyone point me in the right direction?

We have been trying eap-ttls most recently with very little luck but
everything I have read says this should be possible.  What are we missing?
This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.