802.1x & kerberos
Lisa Besko
besko at msu.edu
Thu Oct 11 15:43:32 CEST 2007
It works w/o EAP. I can do a radtest with a valid userid and password
on the kerberos server and get authorized (and not get authorized with
bad information).
I can get EAP-TTLS to work if I put a user and a password in the radius
users file but that's not what we want. We need the kerberos piece to
work. I'd be happy to send some config files along if that would help.
I feel like I'm missing something small that's so obvious no one has
thought to document it.
We can get various parts working at any given moment with kerberos but
we can't get it all working.
Thanks,
LB
tnt at kalik.co.yu wrote:
> It should be. Use EAP-TTLS/PAP and configure kerberos module in
> radiusd.conf:
>
> http://wiki.freeradius.org/index.php/Rlm_krb5
>
> Make sure that it works without EAP first.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 10/10/2007, "Lisa Besko" <besko at msu.edu> piše:
>
>> Is there a way to do 802.1x with Kerberos authentication using Freeradius?
>>
>> If their is can anyone point me in the right direction?
>>
>> We have been trying eap-ttls most recently with very little luck but
>> everything I have read says this should be possible. What are we missing?
More information about the Freeradius-Users
mailing list