802.1x & kerberos
tnt at kalik.co.yu
tnt at kalik.co.yu
Thu Oct 11 16:11:25 CEST 2007
Can you post the debug (radiusd -X) for the same user with and without
EAP (using Kerberos - no users file entry).
Ivan Kalik
kalik Informatika ISP
Dana 11/10/2007, "Lisa Besko" <besko at msu.edu> piše:
>It works w/o EAP. I can do a radtest with a valid userid and password
>on the kerberos server and get authorized (and not get authorized with
>bad information).
>
>I can get EAP-TTLS to work if I put a user and a password in the radius
>users file but that's not what we want. We need the kerberos piece to
>work. I'd be happy to send some config files along if that would help.
> I feel like I'm missing something small that's so obvious no one has
>thought to document it.
>
>We can get various parts working at any given moment with kerberos but
>we can't get it all working.
>
>Thanks,
>
>LB
>
>tnt at kalik.co.yu wrote:
>> It should be. Use EAP-TTLS/PAP and configure kerberos module in
>> radiusd.conf:
>>
>> http://wiki.freeradius.org/index.php/Rlm_krb5
>>
>> Make sure that it works without EAP first.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 10/10/2007, "Lisa Besko" <besko at msu.edu> piše:
>>
>>> Is there a way to do 802.1x with Kerberos authentication using Freeradius?
>>>
>>> If their is can anyone point me in the right direction?
>>>
>>> We have been trying eap-ttls most recently with very little luck but
>>> everything I have read says this should be possible. What are we missing?
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list