I'm stuck; FreeRadius and Heimdal Kerberos

Ronni Feldt rofe at one.com
Thu Oct 16 11:36:28 CEST 2008


Okay - got a bit further.

I had forgotten to add the HP-Switch in the clients.conf
Now it evaluates me against Radius, but I get the following error:

Please Enter Login Name: rofe
Please Enter Password: 
Access denied: no user's privilege level supplied by the RADIUS server

But now I'm stuck again. Where do I specify privileges?

- Ronni


On Thu, 2008-10-16 at 10:45 +0200, Ronni Feldt wrote:
> Hi,
> 
> I am trying to get FreeRadius to work with Heimdal Kerberos.
> 
> What I use:
> Ubuntu 8.04
> FreeRadius 1.1.7-1build4
> Heimdal-kdc 1.0.1-5ubuntu4
> 
> I have installed Heimdal Kerberos and get tickets. My next step is to
> get FreeRadius to work with Heimdal and then logging in to my HP-Switch
> using FreeRadius.
> 
> I have done the following:
> 
> # Heimdal Kerberos information
> REALM = ONE.COM
> HOST = rofe
> 
> # In Heimdal Kerberos
> kadmin -l
> kadmin> add radius
> kadmin> ext_keytab --keytab=/etc/krb5.keytab radius
> kadmin> add rofe
> 
> # Installing FreeRadius
> apt-get install freeradius freeradius-krb5
> 
> # Added the following in /etc/freeradius/radiusd.conf
> #  In the authenticate section
> 
> Auth-Type Kerberos {
>     krb5
> }
> 
> #  In the modules section
> krb5 {
>     # keytab containing the key used by rlm_krb5
>     keytab = /etc/krb5.keytab
>    
>     # principal that is used by rlm_krb5
>     service_principal = radius/rofe.one.com
> }
> 
> I have followed what documentation I could find;
> http://wiki.freeradius.org/Rlm_krb5
> 
> # Then I configured my HP-Switch:
> radius-server host 192.168.212.93
> radius-server key <key>    # As key I used the principal radius password - correct?
> 
> aaa authentication ssh login radius local
> aaa authentication ssh enable radius local
> aaa authentication telnet login radius local
> aaa authentication telnet enable radius local
> aaa authentication login privilege-mode
> 
> # Then I tried to login using telnet
> telnet 192.168.212.4
> 
> # I get prompted for username and password and use principal rofe and my password, but get this error:
> Can't reach RADIUS server 192.168.212.93
> 
> 
> I can ping 192.168.212.4 from the HP-Switch.
> I don't know what to do or where to look - I'm stuck!
> 
> 
> - Ronni