802.1x, deault windows supplicant and kerberos
Alan DeKok
aland at deployingradius.com
Mon Jun 18 10:43:21 CEST 2012
Adrian Czapek wrote:
> Hello,
> I wonder if it is possible to configure freeradius to authenticate
> default windows supplicants (offering PEAP only method) to authenticate
> users in wired network against kerberos.
> I have working configuration - freeradius can succesfully authenticate
> users against kerberos using DEFULT Auth-Type = Kerberos in users file:
Kerberos is incompatible with PEAP.
http://deployingradius.com/documents/protocols/compatibility.html
> Now I would like to protect ethernet network with 802.1x protocol. I am
> stuck, because I don't have User-Password inside of the PEAP tunnel (I
> know the reason why I don;t have that password there, no need to explain
> :)) which is needed for kerberos module.
> Is there any other method to get it working ? I've googled out some info
> about using ttls tunnel instead of peap, but I have no idea how to force
> windows supplicants to do so.
Change the supplicant to use EAP-GTC. That might work.
Otherwise, it's impossible.
Alan DeKok.
More information about the Freeradius-Users
mailing list