Auth-Type krb5 not recognized by v2.1.12

Matthew Newton mcn4 at
Thu Mar 28 00:24:03 CET 2013

On Wed, Mar 27, 2013 at 07:06:09PM +0100, Jaap Winius wrote:
> >That's interesting, but without a copy of the debug output from
> >radiusd -X, nobody will know where to start.
> I included what I thought was the most relevant output from
> 'freeradius -X', because the entire exchanges were about 12 times
> longer. But, if you think it would make a difference, I'll be sure
> to include all of it next time.

Lots of people do that, and mean well. Most of them are
subsequently asked to post the rest of the debug output. It often
contains things that you don't realise are important.

In your case, I wonder if either the order of module instantiation
has meant that files is being loaded before kerberos, or something
in a dictionary has changed. It's hard to tell without other
information. I wouldn't expect this to break between 2.1.10 and

> >You could also put the following in your inner-tunnel, rather than
> >the line in your users file, which is probably the tidier way:
> >
> >update control {
> >  Auth-Type := krb5
> >}
> That's it -- it works!!


> I no longer have "DEFAULT Auth-Type = krb5"

Possibly using

DEFAULT Auth-Type := krb5

may have fixed it, too. Auth-Type might have been being set by
something else beforehand, and needed the := to force it.

But unlang is probably tidier than files here.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list