freeradius Kerberos config in users file ?
Riccardo Veraldi
Riccardo.Veraldi at cnaf.infn.it
Wed Jun 23 10:10:47 CEST 2010
Hello,
I have just a question.
if I configure freeradius2 with krb5 authentication and I use the
following users file,
the authentication works using radtest
DEFAULT Auth-Type := Kerberos
but it fails using EAP (EAP-TTLS) telling USer-PAssword attribute is
missing...
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = Kerberos
+- entering group Kerberos {...}
rlm_krb5: Attribute "User-Password" is required for authentication.
++[krb5] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> veraldi at cnaf.infn.it
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 5 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 5
Sending Access-Reject of id 95 to 192.168.252.17 port 1645
Waking up in 2.9 seconds.
if I instead use the following users file:
DEFAULT Auth-Type = Kerberos
both radtest and EAP authentication works, and thtat's good, but why ?
thanks
Rick
More information about the Freeradius-Users
mailing list