Adrian Czapek wrote:
Hello, I wonder if it is possible to configure freeradius to authenticate default windows supplicants (offering PEAP only method) to authenticate users in wired network against kerberos. I have working configuration - freeradius can succesfully authenticate users against kerberos using DEFULT Auth-Type = Kerberos in users file:
Kerberos is incompatible with PEAP. http://deployingradius.com/documents/protocols/compatibility.html
Now I would like to protect ethernet network with 802.1x protocol. I am stuck, because I don't have User-Password inside of the PEAP tunnel (I know the reason why I don;t have that password there, no need to explain :)) which is needed for kerberos module. Is there any other method to get it working ? I've googled out some info about using ttls tunnel instead of peap, but I have no idea how to force windows supplicants to do so.
Change the supplicant to use EAP-GTC. That might work. Otherwise, it's impossible. Alan DeKok.