How to authenticate users against a Windoze AD server with krb5?

Kenneth G. Arnold bkarnold at
Tue May 31 16:05:40 CEST 2005

I know what you mean about the lack of documentation for using Kerberos 
authentication with FreeRadius.  I pieced together the correct method using 
the documentation from the distribution, emails in the archives of this 
mailing list and trial and error.  I am authenticating with the SEAM 
process on Solaris 10 which is MIT Kerberos V.  I installed FreeRadius on a 
machine running Solaris 9.

FreeRadius defaults to using MIT Kerberos V but can be changed to use the 
Heimdal version instead.  I didn't see any documentation that says that you 
can use an Active Directory for Kerberos authentication.

On what operating system is FreeRadius installed?
Is there an MIT Kerberos V or Heimdal Kerberos V installation on the same box?
Did your compilation successfully build the rlm_krb5 libraries?
When you start radiusd with the -X option do you see that it is actually 
using the rlm_krb5 module?

At 03:15 AM 5/31/2005, you wrote:
>Hi list,
>I'm trying to authenticate users against a Windows AD server using the
>krb5 module... but due to missing documentation on how to do this, I'm
>When I try to get a Kerberos ticket using kinit on the radius machine,
>it works. But when I try to use the krb5 module, it always gives me a
>Is there anywhere a detailed howto available? Google didn't help me
>much... :(
>Arne Götje (高盛華) <arne at>
>PGP/GnuPG key: 1024D/685D1E8C
>Fingerprint: 2056 F6B7 DEA8 B478 311F  1C34 6E9F D06E 685D 1E8C
>Key available at   Encrypted e-mail preferred.
>List info/subscribe/unsubscribe? See

Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333

More information about the Freeradius-Users mailing list