Auth-Type krb5 not recognized by v2.1.12
Matthew Newton
mcn4 at leicester.ac.uk
Wed Mar 27 13:02:15 CET 2013
On Wed, Mar 27, 2013 at 04:09:09AM +0100, Jaap Winius wrote:
> Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
>
> >... you should be using 2.2.0 or 2.2.1 when it's release, as the
> >2.1.10/11/12 releasea have a known security issue.
>
> I'll be sure to install 2.2.x as soon as a Debian package becomes
> available for it, but for now I'm going to stick with 2.1.x.
For what it's worth, rolling your own FreeRADIUS packages for
Debian is trivial.
http://wiki.freeradius.org/building/Build#Building-Debian-packages
> After upgrading to 2.1.12, what kills my setup is that Freeradius
> will no longer start up if I leave 'DEFAULT Auth-Type = krb5'
> enabled in the users file.
That's interesting, but without a copy of the debug output from
radiusd -X, nobody will know where to start.
You could also put the following in your inner-tunnel, rather than
the line in your users file, which is probably the tidier way:
update control {
Auth-Type := krb5
}
but both should work. We need full debug output.
> But if I disable it, I get exactly the same failure output as I
> do from 2.1.10 when I disable that line in the users file.
Understandable; that's not the issue here.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list