problem migrating to freeradius2 with LDAP/krb5 Authorization/Authentication
Riccardo Veraldi
Riccardo.Veraldi at cnaf.infn.it
Sun Jun 20 00:00:19 CEST 2010
I removed the EAP line and keep only the Kerberos line in users
DEFAULT Auth-Type := Kerberos
I have this error using radtest:
radtest "user at myrealm.org" "password" localhost 10 testing123
Sat Jun 19 23:53:10 2010 : Auth: rlm_krb5: [user] krb5_rd_req() failed:
Wrong principal in request
but I am sure the machine is configured correctly for kerberos, I have
correct
configuration in /etc/krb5.conf and I have /etc/krb5.keytab file
correctly created
everything look fine with kerberos on my radius server... any hints?
thank you
[root at radius ~]# kinit user
Password for user at MYREALMG.ORG:
[root at radius ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user at MYREALMG.ORG
Valid starting Expires Service principal
06/19/10 23:57:04 06/20/10 06:37:01 krbtgt/MYREALMG.ORG at MYREALMG.ORG
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Alan Buxey wrote:
> Hi,
>
>
>> # users
>> DEFAULT Auth-Type := eap
>>
>> DEFAULT Auth-Type := Kerberos
>> Fall-Through = 1
>>
>
> those are 2 conflicting entries. you should never need the
> first one. the second one is what you'll need...but the Fall-Through
> is superfluous
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list