rlm_krb5 and Active Directory
David Nelson
david.nelson at gpsdo.com
Wed Jun 9 23:52:22 CEST 2010

I'm having difficulties getting rlm_krb5 to authenticate to Active
Directory. The AD server is Windows 2003 R2. The freeradius server is
FreeBSD 8.0-RELEASE-p2 with freeradius-2.1.9 and heimdal-1.0.1
installed. The appropriate freeradius heimdal build switches were used
when building all this (built using FreeBSD ports).

I've got the freeradius service principal set up and I've been able to
test it using kinit, klist, etc. This uses, of course, the same keytab
that rlm_krb5 is configured to use.

When I try to test all this in debug mode with radtest I get this:

Found Auth-Type = Kerberos
+- entering group Kerberos {...}
rlm_krb5: Parsed name is: XXXXXXX at SKOKIE.LIB.IL.US
rlm_krb5: failed verify_user: Unknown error -1765328377
(XXXXXXX at SKOKIE.LIB.IL.US )
++[krb5] returns reject

Does anybody have any ideas what I've done wrong or how I can go about
debugging this further?

Thanks

Dave Nelson
Skokie Public Library