802.1x & kerberos
Lisa Besko
besko at msu.edu
Mon Oct 15 18:22:17 CEST 2007
Alan DeKok wrote:
>> DEFAULT Auth-Type := Kerberos
>> Fall-Through = 1
>
> An earlier message in this thread said "Auth-Type = Kerberos". What
> you have above is different.
An here in lies the problem. I just went back and tested this. I had
been working with Walt Reynolds on the issue and we had shared some
files and after that things started working with a Mac client but not
with my Win XP client (one of the Xsupplicants we had installed had
hosed the system so I couldn't tell when things had gotten better).
According to the man 5 users page:
Auth-Type = Kerberos is allowed for a server configuration variable such
as Auth-Type, where as
Auth-Type := Kerberos (note the Colon before the equal sign) is a check
item and replaces in the configuration items any attribute of the same name.
Having the colon there or not there made a very big difference in how it
behaved.
I really appreciate every one that took the time to help figure this
out. We actually had it working before I saw Alans message but it's
nice to know exactly what that tiny piece did.
Thanks,
LB
More information about the Freeradius-Users
mailing list