802.1x & kerberos

Lisa Besko besko at msu.edu
Mon Oct 15 18:22:17 CEST 2007

Alan DeKok wrote:

>> DEFAULT Auth-Type := Kerberos
>>         Fall-Through = 1
>   An earlier message in this thread said "Auth-Type = Kerberos".  What
> you have above is different.  

An here in lies the problem.  I just went back and tested this.  I had 
been working with Walt Reynolds on the issue and we had shared some 
files and after that things started working with a Mac client but not 
with my Win XP client (one of the Xsupplicants we had installed had 
hosed the system so I couldn't tell when things had gotten better).

According to the man 5 users page:

Auth-Type = Kerberos is allowed for a server configuration variable such 
as Auth-Type, where as

Auth-Type := Kerberos (note the Colon before the equal sign) is a check 
item and replaces in the configuration items any attribute of the same name.

Having the colon there or not there made a very big difference in how it 

I really appreciate every one that took the time to help figure this 
out.  We actually had it working before I saw Alans message but it's 
nice to know exactly what that tiny piece did.



More information about the Freeradius-Users mailing list