My bad, I didn't know radius service is running under the user 'radiusd'. I had to give that user read access to the host's keytab file. Kerberos recommends to only give read/write access to to root though, so I'm not entirely sure if there is any security issues with what I did. On Fri, Jul 3, 2020 at 6:01 AM Marcelito de Guzman <marzzz21@gmail.com> wrote:
On my freeradius server, I am able to retrieve a ticket for the host though. Confirmed with via 'kinit' and 'klist', so read permission to /etc/krb5.keytab is not the case here. No errors on my kerberos logs either.
On Fri, Jul 3, 2020 at 5:26 AM Alan DeKok <aland@deployingradius.com> wrote:
On Jul 2, 2020, at 5:02 PM, Marcelito de Guzman <marzzz21@gmail.com> wrote:
My freeradius server is able to connect to the kerberos server. I can obtain a ticket via 'kinit'. However, I can't seem to authenticate users. I'm getting an error: `krb5: ERROR: Error verifying credentials (13): Permission denied` Is there any other setup I need to make? What factors are plausibly causing the error?
That error is coming from the Kerberos library or server. So you'll have to debug that.
Maybe FreeRADIUS doesn't have permission to read /etc/krb5.keytab ?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html