I am new to this list and am hoping for some assistance with my freeradius configuration. Please forgive me if this is a stupid qustion, but I am stumped.
Background: Red Hat 9.0 Freeradius (from RH) The RPMs that seem most relevant are: freeradius-0.9.3-1 krb5-libs-1.2.7-14 krb5-workstation-1.2.7-14 pam_krb5-1.60-1 I have had it up and running fairly well for several months -- my compliments to the author(s). The relevant components in my configuration to this question are a Cisco VPN concentrator as the NAS and the radius server authenticates via PAM (PAM routes it as a Kerberos request to an MS Windows 2000 AD). The problem: I need to add at least one more Kerberos realm (read MS Windows forest/AD) back-end authentication store. (These MS Windows forests do not trust each other.) On the radius server (computer), I can manually perform kinit requests against each krb5 realm just fine. My problem is how do I get freeradius (or PAM) to take the authentication request and direct it to the correct Kerberos server/realm. It seems this should not be that hard, I am probably missing something very basic. Some other notes: -- I have looked into the rlm_krb, but have gotten nowhere (I can't find it in the RPMs, and I can't get it to compile). -- I would like to avoid setting up lots of proxies, it does not seem appropriate in this environment. -- I have looked at (although not experimented with) LDAP authentication, but it looks like I would have the same problem. Any pointers, even to existing documents I have not yet found, would be most appreciated. If it can't be done, feel free to tell me that too -- I will stop beating my head against this wall. Best Wishes, --Bill - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html