Freeradius Kerberos Authentication to FreeIPA

[Guille]

Yes, that's the exact post I was following to get my configuration working.
I'm pretty positive about the permission on the keytab file since I got it
wrong at first and the service just didn't work.
My klist looks like this:
[root at freeradius01 raddb]# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_L7W1CRR
Default principal: radius/freeradius01.gti.copaco.com.py at GTI.COPACO.COM.PY

Valid starting     Expires            Service principal
18/07/18 13:31:00  19/07/18 13:31:00  krbtgt/
GTI.COPACO.COM.PY at GTI.COPACO.COM.PY



On Wed, Jul 18, 2018 at 3:07 PM Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:

> On 18 Jul 2018, at 19:56, Guille <godoy.guillermo at gmail.com> wrote:
> > Any ideas on how to fix this?.
>
> Sounds like you're not actually using the keytab - you should only need a
> ticket to generate the keytab in the first place.
>
> Take a look at this post I wrote a couple of years ago:
>
>
> http://lists.freeradius.org/pipermail/freeradius-users/2015-February/075624.html
>
> Make sure FreeRADIUS is actually running as the user account you think it
> is running as, and that it can definitely read the keytab (check file
> permissions, selinux, etc.).
>
> Adam Bishop
>
>   gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
>
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
> limited by guarantee which is registered in England under company number
> 2881024, VAT number GB 197 0632 86. The registered office is: One Castle
> Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html