<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
Hello.<br>
sorry to disturb you.<br>
I disable all authentication modules in the authenticate session I left
only:<br>
<br>
# kerberos<br>
Auth-Type Kerberos {<br>
krb5 <br>
}<br>
<br>
eap<br>
<br>
in the authorize sezzion of radiusd.conf I disabled everything and I
left only<br>
eap and files<br>
<br>
in this way Kerberos authentication + ldap authorization works.<br>
I want ONLY this method to work, but also EAP-TLS with certificates
works,<br>
while I want to disable it for users.<br>
If I remove eap from the authorizatin section, I prefent certificate
authentication to<br>
work but also Kerberos authentication will not work.<br>
<br>
in my users file I have the string<br>
<br>
DEFAULT Auth-Type = Kerberos<br>
<br>
<br>
How I can solve this problem ?<br>
I tryed in all possible qays I Cannot disable EAP-TLS with certificates
if I want<br>
EAP-TTLS to work with kerberos and ldap.<br>
might you help me ?<br>
thanks<br>
<br>
Rick<br>
<br>
<br>
<br>
<br>
<br>
<br>
Alan DeKok wrote:
<blockquote cite="mid20060112184319.5103216E0B@mail.nitros9.org"
type="cite">
<pre wrap="">"Riccardo.Veraldi" <a class="moz-txt-link-rfc2396E" href="mailto:Riccardo.Veraldi@fi.infn.it"><Riccardo.Veraldi@fi.infn.it></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would like only users with kerberos credentials to being able to
authenticate
</pre>
</blockquote>
<pre wrap=""><!---->
Then delete everything from the "authenticate" section, except for
"eap" and "krb5". Also, ensure that nothing in the "authorize"
section obtains a clear-text password for the user from a database.
That guarantees:
a) no password by which to authenticate someone
b) therefore they must use kerberos
c) they can't use anything other than kerberos
Everyone else will have no way to get authenticated, and will be
rejected.
Alan DeKok.
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
</body>
</html>