Hello,
I wonder if it is possible to configure freeradius to authenticate default windows supplicants (offering PEAP only method) to authenticate users in wired network against kerberos.
I have working configuration - freeradius can succesfully authenticate users against kerberos using DEFULT Auth-Type = Kerberos in users file:
Found Auth-Type = Kerberos
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group Kerberos {...}
rlm_krb5: verify_krb_v5_tgt: host key not found : Key table entry not found
++[krb5] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
++[reply] returns noop
Sending Access-Accept of id 11 to 10.5.200.201 port 1645
Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Finished request 0.
Going to the next request
Now I would like to protect ethernet network with 802.1x protocol. I am stuck, because I don't have User-Password inside of the PEAP tunnel (I know the reason why I don;t have that password there, no need to explain :)) which is needed for kerberos module.
Is there any other method to get it working ? I've googled out some info about using ttls tunnel instead of peap, but I have no idea how to force windows supplicants to do so.
Best regards
--
Adrian