Issue with Kerberos

Khapare Joshi khapare77 at gmail.com
Fri Dec 21 16:14:07 CET 2012 

I am testing Freeradius with kerberos. seems it is returning accept accept

Fri Dec 21 15:05:46 2012 : Info: [suffix] No '@' in User-Name = "test66",
looking up realm NULL
Fri Dec 21 15:05:46 2012 : Info: [suffix] No such realm "NULL"
Fri Dec 21 15:05:46 2012 : Info: ++[suffix] returns noop
Fri Dec 21 15:05:46 2012 : Info: [eap] No EAP-Message, not doing EAP
Fri Dec 21 15:05:46 2012 : Info: ++[eap] returns noop
Fri Dec 21 15:05:46 2012 : Info: [files] users: Matched entry DEFAULT at
line 1
Fri Dec 21 15:05:46 2012 : Info: ++[files] returns ok
Fri Dec 21 15:05:46 2012 : Info: ++[expiration] returns noop
Fri Dec 21 15:05:46 2012 : Info: ++[logintime] returns noop
Fri Dec 21 15:05:46 2012 : Info: [pap] WARNING! No "known good" password
found for the user.  Authentication may fail because of this.
Fri Dec 21 15:05:46 2012 : Info: ++[pap] returns noop
Fri Dec 21 15:05:46 2012 : Info: Found Auth-Type = Kerberos
Fri Dec 21 15:05:46 2012 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Fri Dec 21 15:05:46 2012 : Info: +- entering group kerberos {...}
Fri Dec 21 15:05:46 2012 : Debug: rlm_krb5: verify_krb_v5_tgt: host key not
found : Permission denied
Fri Dec 21 15:05:46 2012 : Info: ++[krb5] returns ok
Fri Dec 21 15:05:46 2012 : Info: # Executing section post-auth from file
/etc/raddb/sites-enabled/default
Fri Dec 21 15:05:46 2012 : Info: +- entering group post-auth {...}
Fri Dec 21 15:05:46 2012 : Info: ++[exec] returns noop
Sending Access-Accept of id 219 to 192.168.1.1 port 33193


It always says permission denied then returns krb5 ok, What permission
denied it is saying ? I generated service and host principal and exported
keytab file in my radius server then added /etc/raddb/modules/krb5 file.
But I always get permission denied debug output.

another this is why PAP saying authentication may fail and then process the
kerberos part - is this normal ?

Thanks

Merry Xmas,

KH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121221/6ae33314/attachment.html>

More information about the Freeradius-Users mailing list