<div>Hello,</div><div>I wonder if it is possible to configure freeradius to authenticate default windows supplicants (offering PEAP only method) to authenticate users in wired network against kerberos.</div><div>I have working configuration - freeradius can succesfully authenticate users against kerberos using DEFULT Auth-Type = Kerberos in users file:</div>
<div> </div><div>Found Auth-Type = Kerberos<br># Executing group from file /etc/raddb/sites-enabled/default<br>+- entering group Kerberos {...}<br>rlm_krb5: verify_krb_v5_tgt: host key not found : Key table entry not found<br>
++[krb5] returns ok<br># Executing section post-auth from file /etc/raddb/sites-enabled/default<br>+- entering group post-auth {...}<br>++[exec] returns noop<br>++[reply] returns noop<br>Sending Access-Accept of id 11 to 10.5.200.201 port 1645<br>
Service-Type = NAS-Prompt-User<br> Cisco-AVPair = "shell:priv-lvl=15"<br>Finished request 0.<br>Going to the next request<br></div><div> </div><div>Now I would like to protect ethernet network with 802.1x protocol. I am stuck, because I don't have User-Password inside of the PEAP tunnel (I know the reason why I don;t have that password there, no need to explain :)) which is needed for kerberos module.</div>
<div>Is there any other method to get it working ? I've googled out some info about using ttls tunnel instead of peap, but I have no idea how to force windows supplicants to do so.</div><div> </div><div>Best regards</div>
<div>--</div><div>Adrian</div>