802.1x & kerberos

tnt at kalik.co.yu tnt at kalik.co.yu
Thu Oct 11 16:11:25 CEST 2007

Can you post the debug (radiusd -X) for the same user with and without
EAP (using Kerberos - no users file entry).

Ivan Kalik
kalik Informatika ISP

Dana 11/10/2007, "Lisa Besko" <besko at msu.edu> piše:

>It works w/o EAP.  I can do a radtest with a valid userid and password 
>on the kerberos server and get authorized (and not get authorized with 
>bad information).
>I can get EAP-TTLS to work if I put a user and a password in the radius 
>users file but that's not what we want.  We need the kerberos piece to 
>work.  I'd be happy to send some config files along if that would help. 
>  I feel like I'm missing something small that's so obvious no one has 
>thought to document it.
>We can get various parts working at any given moment with kerberos but 
>we can't get it all working.
>tnt at kalik.co.yu wrote:
>> It should be. Use EAP-TTLS/PAP and configure kerberos module in
>> radiusd.conf:
>> http://wiki.freeradius.org/index.php/Rlm_krb5
>> Make sure that it works without EAP first.
>> Ivan Kalik
>> Kalik Informatika ISP
>> Dana 10/10/2007, "Lisa Besko" <besko at msu.edu> piše:
>>> Is there a way to do 802.1x with Kerberos authentication using Freeradius?
>>> If their is can anyone point me in the right direction?
>>> We have been trying eap-ttls most recently with very little luck but
>>> everything I have read says this should be possible.  What are we missing?
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list