802.1x, default windows supplicant and kerberos

Adrian Czapek czapek.adrian at gmail.com
Mon Jun 18 10:32:42 CEST 2012


Hello,
I wonder if it is possible to configure freeradius to authenticate default
Windows supplicants (offering PEAP only method) to authenticate users in
wired network against Kerberos.
I have a working configuration - freeradius can successfully authenticate
users against Kerberos using DEFAULT Auth-Type = Kerberos in users file:

Found Auth-Type = Kerberos
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group Kerberos {...}
rlm_krb5: verify_krb_v5_tgt: host key not found : Key table entry not found
++[krb5] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
++[reply] returns noop
Sending Access-Accept of id 11 to 10.5.200.201 port 1645
        Service-Type = NAS-Prompt-User
        Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Going to the next request

Now I would like to protect ethernet network with 802.1x protocol. I am
stuck, because I don't have User-Password inside of the PEAP tunnel (I know
the reason why I don't have that password there, no need to explain :))
which is needed for Kerberos module.
Is there any other method to get it working? I've googled out some info
about using TTLS tunnel instead of PEAP, but I have no idea how to force
Windows supplicants to do so.

Best regards
--
Adrian