Kerberos - Radius does not get password
Jörg Herzinger
joerg.herzinger at global2000.at
Thu May 10 17:39:53 CEST 2012
Hi,
Radius has been bugging me now for over a week and I just can't get it
working with Kerberos over WLan. I have been trying around a lot but in
the end I purged the freeradius packages and restarted from scratch with
default config (on Debian squeeze).
All I did was adding a client in clients.conf
client 192.168.0.0/16 {
secret = averysecretsecret
}
adding two entries in users.conf
testing Cleartext-Password := "pass"
DEFAULT Auth-Type = Kerberos
and adding Kerberos to authenticate in default and inner-tunnel right
after PAP:
Auth-Type Kerberos {
krb5
}
and I configured the Kerberos module. Now when testing with radtest both
(kerberos and testing from files) work fine
root at donauauen42 ~ # radtest testing pass radius 1 averysecretsecret
Sending Access-Request of id 166 to 192.168.43.118 port 1812
User-Name = "testing"
User-Password = "pass"
NAS-IP-Address = 192.168.42.42
NAS-Port = 1
rad_recv: Access-Accept packet from host 192.168.43.118 port 1812,
id=166, length=20
root at donauauen42 ~ # radtest pink.funk-greene XXXXX radius 1
averysecretsecret
Sending Access-Request of id 60 to 192.168.43.118 port 1812
User-Name = "pink.funk-greene"
User-Password = "XXXXX"
NAS-IP-Address = 192.168.42.42
NAS-Port = 1
rad_recv: Access-Accept packet from host 192.168.43.118 port 1812,
id=60, length=20
But when testing via WiFi just my testing user works, while my Kerberos
users won't work.
Not working Kerberos debug log: http://pastie.org/3890159
Vs. working plain users file log: http://pastie.org/3890167
Any help is appreceated. Thanks a lot...
--
Jörg Herzinger - EDV Team
GLOBAL 2000 - Friends of the Earth Austria
Neustiftgasse 36, A-1070 Wien
tel +43-699-14200030
Dieses Mail wurde mit Oekostrom und Opensource Software erstellt.
More information about the Freeradius-Users
mailing list