Kerberos and FR 3.0.1 (fedora)
Brendan Kearney
bpk678 at gmail.com
Thu May 15 23:26:32 CEST 2014
On Thu, 2014-05-15 at 11:19 +0100, Arran Cudbard-Bell wrote:
> On 15 May 2014, at 11:12, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> >
> > On 15 May 2014, at 01:24, Brendan Kearney <bpk678 at gmail.com> wrote:
> >
> >> i am evaluating FR 3.0.1 with kerberos/ldap for authN/authZ,
> >> respectively. for some reason, the kerberos piece is not authenticating
> >> me. the keytab is freshly minted and the kvno in it matches what is in
> >> kadmin. the keytab is owned by radiusd:radiusd. kinit
> >> -kt /etc/raddb/radius.keytab radius/test.bpk2.com results in a ticket
> >> being granted. not sure what the issue is. can anyone offer a pointer?
> >
> > Try 3.0.3, there have been some fixes since 3.0.1.
>
> Though you also need to make sure there's a keytab entry for your service
> principal.
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
3.0.3 is not available from the repos just yet. when it does come down,
i will be updating to it.
the keytab is valid. i did check it with kinit. the keytab contains:
[root at test raddb]# klist -Kket radius.keytab
Keytab name: FILE:radius.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 05/13/2014 21:00:49 radius/test.bpk2.com at BPK2.COM (aes256-cts-hmac-sha1-96) (blahthisisalongstringblah)
the keytab is freshly minted and created out of kadmin. is there
something else you think i am missing?