FreeRadius 3.0.17 and Kerberos 5
Marcelito de Guzman
marzzz21 at gmail.com
Fri Jul 3 02:52:39 CEST 2020
My bad, I didn't know the radius service was running under the user 'radiusd'.
I had to give that user read access to the host's keytab file.
Kerberos recommends giving read/write access only to root, though,
so I'm not entirely sure if there are any security issues with what I
did.
On Fri, Jul 3, 2020 at 6:01 AM Marcelito de Guzman <marzzz21 at gmail.com> wrote:
>
> On my freeradius server, I am able to retrieve a ticket for the host
> though. Confirmed via 'kinit' and 'klist', so read permission to
> /etc/krb5.keytab is not the case here.
> No errors on my kerberos logs either.
>
> On Fri, Jul 3, 2020 at 5:26 AM Alan DeKok <aland at deployingradius.com> wrote:
> >
> > On Jul 2, 2020, at 5:02 PM, Marcelito de Guzman <marzzz21 at gmail.com> wrote:
> > > My freeradius server is able to connect to the kerberos server. I can
> > > obtain a ticket via 'kinit'. However, I can't seem to authenticate
> > > users. I'm getting an error: `krb5: ERROR: Error verifying credentials
> > > (13): Permission denied`
> > > Is there any other setup I need to make? What factors are plausibly
> > > causing the error?
> >
> > That error is coming from the Kerberos library or server. So you'll have to debug that.
> >
> > Maybe FreeRADIUS doesn't have permission to read /etc/krb5.keytab ?
> >
> > Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
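The permission question raised in this thread can be checked mechanically. The following is an added example, not part of the original messages or of FreeRADIUS: it evaluates whether a service account can read a keytab and flags deviations from the root-only baseline mentioned above. The function names and the uid/gid 95 standing in for 'radiusd' are constructed; only classic Unix permission bits are evaluated, not ACLs or SELinux.

```python
import os
import pwd
import stat
import sys


def keytab_access(st_mode, st_uid, st_gid, uid, gids):
    """Return (can_read, findings) for a process with uid/gids against keytab stat data."""
    findings = []
    if st_mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group-accessible")
    if st_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("world-accessible")
    if st_uid != 0:
        findings.append("not owned by root")
    # The kernel consults exactly one permission class: owner, else group, else other.
    if uid == 0:
        can_read = True  # root bypasses read permission bits
    elif uid == st_uid:
        can_read = bool(st_mode & stat.S_IRUSR)
    elif st_gid in gids:
        can_read = bool(st_mode & stat.S_IRGRP)
    else:
        can_read = bool(st_mode & stat.S_IROTH)
    return can_read, findings


def audit_keytab(path, username):
    """Apply keytab_access to a real file and a real account name."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    st = os.stat(path)
    return keytab_access(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)


if __name__ == "__main__":
    # Constructed cases: root-only keytab, group-readable by gid 95, world-readable.
    for mode, gid in [(0o100600, 0), (0o100640, 95), (0o100644, 0)]:
        print(oct(mode & 0o777), keytab_access(mode, 0, gid, 95, {95}))
    # Optional live check: script.py /etc/krb5.keytab radiusd
    if len(sys.argv) == 3:
        print(audit_keytab(sys.argv[1], sys.argv[2]))
```

The first constructed case reproduces the situation behind the "Permission denied" error: a keytab with mode 0600 owned by root is unreadable by a non-root service account even though root can obtain tickets with it.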