Alan,
Thanks for your quick response. I put several more hours of testing
in after I made this posting and determined it is almost certainly
not a radius issue, but probably a PAM or Kerberos issue, so I am
starting to dig deeper in those areas. The LDAP information is
interesting and may prove to be the option I need to take if I can't
get the Kerberos working soon.
Thanks for your assistance.
--Bill
On Sun, May 09, 2004 at 08:34:48AM -0400, Alan DeKok wrote:
> Bill Shaver <[EMAIL PROTECTED]> wrote:
> > I need to add at least one more Kerberos realm (read MS Windows forest/AD)
> > back-end authentication store. (These MS Windows forests do not trust
> > each other.) On the radius server (computer), I can manually perform kinit
> > requests against each krb5 realm just fine. My problem is how do I get
> > freeradius (or PAM) to take the authentication request and direct it to
> > the correct Kerberos server/realm. It seems this should not be that hard,
> > I am probably missing something very basic.
>
> That would depend on pam_krb5. If it doesn't describe how to do
> this, it probably can't.
>
> > -- I have looked into the rlm_krb, but have gotten nowhere (I can't
> > find it in the RPMs, and I can't get it to compile).
>
> If it's not in the RPM's, it's probably because the Kerberos on RH
> is different than the one in the module.
>
> You might try the latest CVS snapshot. The kerberos module may have
> been updated.
>
> > -- I have looked at (although not experimented with) LDAP authentication,
> > but it looks like I would have the same problem.
>
> I'm not sure why. You can have multiple instances of the LDAP
> module, each pointing to a different back-end.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
