I removed the EAP line and keep only the Kerberos line in users DEFAULT Auth-Type := Kerberos I have this error using radtest: radtest "user@myrealm.org" "password" localhost 10 testing123 Sat Jun 19 23:53:10 2010 : Auth: rlm_krb5: [user] krb5_rd_req() failed: Wrong principal in request but I am sure the machine is configured correctly for kerberos, I have correct configuration in /etc/krb5.conf and I have /etc/krb5.keytab file correctly created everything look fine with kerberos on my radius server... any hints? thank you [root@radius ~]# kinit user Password for user@MYREALMG.ORG: [root@radius ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: user@MYREALMG.ORG Valid starting Expires Service principal 06/19/10 23:57:04 06/20/10 06:37:01 krbtgt/MYREALMG.ORG@MYREALMG.ORG Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Alan Buxey wrote:
Hi,
# users DEFAULT Auth-Type := eap
DEFAULT Auth-Type := Kerberos Fall-Through = 1
those are 2 conflicting entries. you should never need the first one. the second one is what you'll need...but the Fall-Through is superfluous
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html