Freeradius authentification against Kerberos

Stefan Paetow Stefan.Paetow at ja.net
Wed Jul 23 18:25:35 CEST 2014


Hi Benjamin,

Windows 7 does not support EAP-TTLS out of the box. You have to install a third-party supplicant (SecureW2 appears to be the favourite) to gain EAP-TTLS support.

Stefan


From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] On Behalf Of Benjamin Stahl (TH-Wildau.de)
Sent: 23 July 2014 16:54
To: FreeRadius users mailing list
Subject: Re: Freeradius authentification against Kerberos

Hey thanks for your fast answer.

As a Windows 7 client, i can only authentificate PEAP - MSCHAPv2, right?
I looked at the network settings, i did not find EAP-TTLS. Is it right?


Cannot use PEAP MSCHAPv2. You have to use EAP-TTLS.


Am 23.07.2014 um 17:10 schrieb Wang, Yu <ywang10 at fsu.edu<mailto:ywang10 at fsu.edu>>:



From: freeradius-users-bounces+ywang10=fsu.edu at lists.freeradius.org<mailto:freeradius-users-bounces+ywang10=fsu.edu at lists.freeradius.org> [mailto:freeradius-users-bounces+ywang10=fsu.edu at lists.freeradius.org] On Behalf Of Benjamin Stahl
Sent: Wednesday, July 23, 2014 9:55 AM
To: Freeradius Mailing-List
Subject: Freeradius authentification against Kerberos

Hi,

I'm a newbie with Freeserver. It is my first time with it. I try to make a configuration against Kerberos with your freeradius-server on centOS 6.5.
I use FreeRadius 2.1.12


Please use 2.2.5 if you can.

But now I got everytime the error: "no authenticate method (Auth-Type) found for the request". So every user got a reject.
I setup the server like explained at this tutorial from eduroam.us<http://eduroam.us/>: https://www.eduroam.us/node/45

Under authenticate {}, make sure you have following lines:

        Auth-Type PAP {
                pap
        }
        Auth-Type Kerberos {
                krb5
        }


My problem is also that a PEAP - MSCHAPv2 auth from a Windows 7 - PC does not work.

Cannot use PEAP MSCHAPv2. You have to use EAP-TTLS.


Can anyone help me, please?

I attached the logs.

Thanks, and best Benjamin.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140723/ed25d23e/attachment-0001.html>


More information about the Freeradius-Users mailing list