rlm_krb5 and Active Directory

David Nelson david.nelson at gpsdo.com
Wed Jun 9 23:52:22 CEST 2010

I'm having difficulties getting rlm_krb5 to authenticate to Active 
Directory. The AD server is Windows 2003 R2. The freeradius server is 
FreeBSD 8.0-RELEASE-p2 with freeradius-2.1.9 and heimdal-1.0.1 
installed. The appropriate freeradius heimdal build switches were used 
when building all this (built using FreeBSD ports).

I've got the freeradius service principal set up and I've been able to 
test it using kinit, klist, etc. This uses, of course, the same keytab 
that rlm_krb5 is configured to use.

When I try to test all this in debug mode with radtest I get this:

Found Auth-Type = Kerberos
+- entering group Kerberos {...}
rlm_krb5: Parsed name is: XXXXXXX at SKOKIE.LIB.IL.US
rlm_krb5: failed verify_user: Unknown error -1765328377 
++[krb5] returns reject

Does anybody have any ideas what I've done wrong or how I can go about 
debugging this further?


Dave Nelson
Skokie Public Library
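The "Unknown error -1765328377" in the debug output above is a com_err-encoded Kerberos error number, and rlm_krb5 simply failed to find a message for it. The script below is an added example (not part of this post, and not FreeRADIUS or Heimdal code) that decodes such a number the way com_err packs it: the 4-character error-table name lives in the top 24 bits, six bits per character, and the offset within that table in the low byte. For the "krb5" table the offsets follow the RFC 4120 section 7.5.9 numbering, so a small table of those codes (the subset embedded here, with descriptions abbreviated from the RFC) turns the number into a symbol. The log line fed to it is the one quoted in the post; the helper and function names are my own.

```python
"""Decode com_err-style Kerberos error numbers such as the
"Unknown error -1765328377" that rlm_krb5 prints when it has no
message string for a code.

com_err layout of a 32-bit error number:
  bits 31..8 : 4-character table name, 6 bits per character
  bits  7..0 : offset of the error within that table
The "krb5" table starts with the KDC/AP error codes of RFC 4120
section 7.5.9, so for that table offset == protocol error code.
"""
import re

# Subset of the krb5 error table (RFC 4120 7.5.9 numbering; descriptions abbreviated).
KRB5_ERRORS = {
    0:  ("KRB5KDC_ERR_NONE",               "No error"),
    6:  ("KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN", "Client not found in Kerberos database"),
    7:  ("KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN", "Server not found in Kerberos database"),
    8:  ("KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE", "Principal has multiple entries in database"),
    14: ("KRB5KDC_ERR_ETYPE_NOSUPP",        "KDC has no support for encryption type"),
    23: ("KRB5KDC_ERR_KEY_EXP",             "Password has expired"),
    24: ("KRB5KDC_ERR_PREAUTH_FAILED",      "Preauthentication failed"),
    25: ("KRB5KDC_ERR_PREAUTH_REQUIRED",    "Additional pre-authentication required"),
    31: ("KRB5KRB_AP_ERR_BAD_INTEGRITY",    "Decrypt integrity check failed"),
    32: ("KRB5KRB_AP_ERR_TKT_EXPIRED",      "Ticket expired"),
    37: ("KRB5KRB_AP_ERR_SKEW",             "Clock skew too great"),
}

# com_err alphabet: 1-26 -> A-Z, 27-52 -> a-z, 53-62 -> 0-9, 63 -> '_', 0 -> pad.
def _char_from_sextet(v):
    if 1 <= v <= 26:
        return chr(ord("A") + v - 1)
    if 27 <= v <= 52:
        return chr(ord("a") + v - 27)
    if 53 <= v <= 62:
        return chr(ord("0") + v - 53)
    return "_" if v == 63 else ""

def _sextet_from_char(ch):
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 1
    if "a" <= ch <= "z":
        return ord(ch) - ord("a") + 27
    if "0" <= ch <= "9":
        return ord(ch) - ord("0") + 53
    return 63 if ch == "_" else 0

def decode_com_err(code):
    """Return (table_name, offset) for a signed or unsigned 32-bit com_err code."""
    u = code & 0xFFFFFFFF            # view the signed value as 32-bit unsigned
    offset = u & 0xFF
    packed = u >> 8
    name = "".join(_char_from_sextet((packed >> s) & 0x3F) for s in (18, 12, 6, 0))
    return name, offset

def table_base(name):
    """Signed 32-bit base value of a com_err table, e.g. 'krb5' -> -1765328384."""
    packed = 0
    for ch in name.ljust(4):
        packed = (packed << 6) | _sextet_from_char(ch)
    u = (packed << 8) & 0xFFFFFFFF
    return u - (1 << 32) if u & 0x80000000 else u

_LOG_RE = re.compile(r"Unknown error (-?\d+)")

def explain_log_line(line):
    """Pull the error number out of an rlm_krb5 log line and decode it.

    Returns None when the line carries no 'Unknown error N' text.
    """
    m = _LOG_RE.search(line)
    if not m:
        return None
    code = int(m.group(1))
    table, offset = decode_com_err(code)
    if table == "krb5":
        symbol, message = KRB5_ERRORS.get(
            offset, ("KRB5_OFFSET_%d" % offset, "offset not in the embedded subset"))
    else:
        symbol, message = "?", "code belongs to the '%s' table, not krb5" % table
    return {"code": code, "table": table, "offset": offset,
            "symbol": symbol, "message": message}

if __name__ == "__main__":
    # Line quoted from the post above (the only sample input; nothing else is constructed).
    sample = "rlm_krb5: failed verify_user: Unknown error -1765328377"
    info = explain_log_line(sample)
    print("%(code)d -> table %(table)s offset %(offset)d: %(symbol)s (%(message)s)" % info)
```

Run as-is it decodes the post's number to KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ("Server not found in Kerberos database"), i.e. the KDC is reporting that it does not know the server principal named in the request, which is a different failure from a bad user password (that would decode to offset 24, PREAUTH_FAILED). Decoding the number first tells you which side of the exchange to inspect before turning up further debug output.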

