How to authenticate users against a Windoze AD server with krb5?
Kenneth G. Arnold
bkarnold at cbu.edu
Tue May 31 16:05:40 CEST 2005
I know what you mean about the lack of documentation for using Kerberos
authentication with FreeRadius. I pieced together the correct method using
the documentation from the distribution, emails in the archives of this
mailing list and trial and error. I am authenticating with the SEAM
process on Solaris 10 which is MIT Kerberos V. I installed FreeRadius on a
machine running Solaris 9.
FreeRadius defaults to using MIT Kerberos V but can be changed to use the
Heimdal version instead. I didn't see any documentation that says that you
can use an Active Directory for Kerberos authentication.
On what operating system is FreeRadius installed?
Is there an MIT Kerberos V or Heimdal Kerberos V installation on the same box?
Did your compilation successfully build the rlm_krb5 libraries?
When you start radiusd with the -X option do you see that it is actually
using the rlm_krb5 module?
At 03:15 AM 5/31/2005, you wrote:
>I'm trying to authenticate users against a Windows AD server using the
>krb5 module... but due to missing documentation on how to do this, I'm
>When I try to get a Kerberos ticket using kinit on the radius machine,
>it works. But when I try to use the krb5 module, it always gives me a
>Is there anywhere a detailed howto available? Google didn't help me
>Arne GÃ¶tje (é«çè¯) <arne at linux.org.tw>
>PGP/GnuPG key: 1024D/685D1E8C
>Fingerprint: 2056 F6B7 DEA8 B478 311F 1C34 6E9F D06E 685D 1E8C
>Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brother Kenneth Arnold
Information Technology Services
Christian Brothers University
More information about the Freeradius-Users