I am new to this list and am hoping for some assistance with my freeradius
configuration. Please forgive me if this is a stupid question, but I am
stumped.
Background:
Red Hat 9.0
Freeradius (from RH)
The RPMs that seem most relevant are:
freeradius-0.9.3-1
krb5-libs-1.2.7-14
krb5-workstation-1.2.7-14
pam_krb5-1.60-1
I have had it up and running fairly well for several months --
my compliments to the author(s). The relevant components in my
configuration to this question are a Cisco VPN concentrator as the NAS
and the radius server authenticates via PAM (PAM routes it as a Kerberos
request to an MS Windows 2000 AD).
The problem:
I need to add at least one more Kerberos realm (read MS Windows forest/AD)
back-end authentication store. (These MS Windows forests do not trust
each other.) On the radius server (computer), I can manually perform kinit
requests against each krb5 realm just fine. My problem is how do I get
freeradius (or PAM) to take the authentication request and direct it to
the correct Kerberos server/realm. It seems this should not be that hard;
I am probably missing something very basic.
Some other notes:
-- I have looked into the rlm_krb, but have gotten nowhere (I can't
find it in the RPMs, and I can't get it to compile).
-- I would like to avoid setting up lots of proxies; it does not seem
appropriate in this environment.
-- I have looked at (although not experimented with) LDAP authentication,
but it looks like I would have the same problem.
Any pointers, even to existing documents I have not yet found, would be
most appreciated. If it can't be done, feel free to tell me that too --
I will stop beating my head against this wall.
Best Wishes,
--Bill