EAP-TTLS with LDAP and KRB5?
Alan DeKok
aland at deployingradius.com
Wed Oct 15 07:47:48 CEST 2008
Jonathan D. Proulx wrote:
> using 1.1.7 (forgive me)
And we say... upgrade. :) It will make solving this problem easier.
> I have EAP-TTLS working from the files module and I have krb5
> athentication working with ldap authorization fro radtest, but when I
> try EAP-TTLS as an ldap user I fail to connect, and the sever never
> seems to try the krb5 module.
You will need to put something like this in the "users" file:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Auth-Type := Kerberos
> Before I start pulling my hair out is even possible?
Yes. IF the inner tunnel session contains a cleartext password. CHAP
won't work, and neither will MS-CHAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list