freeradius Kerberos config in users file ?

Riccardo Veraldi Riccardo.Veraldi at
Wed Jun 23 10:10:47 CEST 2010

I have just a question.

If I configure freeradius2 with krb5 authentication and I use the
following users file,
the authentication works using radtest

DEFAULT        Auth-Type := Kerberos

but it fails using EAP (EAP-TTLS), telling User-Password attribute is

rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Kerberos
+- entering group Kerberos {...}
rlm_krb5: Attribute "User-Password" is required for authentication.
++[krb5] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> veraldi at
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 95 to port 1645
Waking up in 2.9 seconds.

If I instead use the following users file:

DEFAULT        Auth-Type = Kerberos

both radtest and EAP authentication work, and that's good, but why?



