problem migrating to freeradius2 with LDAP/krb5 Authorization/Authentication

Riccardo Veraldi Riccardo.Veraldi at
Sun Jun 20 00:00:19 CEST 2010

I removed the EAP line and keep only the Kerberos line in users

DEFAULT        Auth-Type := Kerberos

I have this error using radtest:

radtest "user at" "password"  localhost 10 testing123

Sat Jun 19 23:53:10 2010 : Auth: rlm_krb5: [user] krb5_rd_req() failed: 
Wrong principal in request

but I am sure the machine is configured correctly for kerberos, I have 
configuration in /etc/krb5.conf and I have /etc/krb5.keytab file 
correctly created

everything look fine with kerberos on my radius server... any hints?

thank you

[root at radius ~]# kinit user
Password for user at MYREALMG.ORG:

[root at radius ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user at MYREALMG.ORG

Valid starting     Expires            Service principal
06/19/10 23:57:04  06/20/10 06:37:01  krbtgt/MYREALMG.ORG at MYREALMG.ORG

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Alan Buxey wrote:
> Hi,
>> # users
>> DEFAULT         Auth-Type := eap
>> DEFAULT        Auth-Type := Kerberos
>>         Fall-Through = 1
> those are 2 conflicting entries.  you should never need the
> first one. the second one is what you'll need...but the Fall-Through
> is superfluous
> alan
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list