I haven't tried rlm_krb5, but I've done a lot of kerberos management, so
maybe I can help. If there are any kerberos-specific parameters that
rlm_krb5 needs, someone else might be able to shed light on them for you.
I presume kerberos is working on this system otherwise (eg. you can ssh
or telnet -ax into this system)? I know Sun's kerberos packages look
for /etc/krb5/krb5.keytab and /etc/krb5/krb5.conf, so if you're using
Solaris, make sure those files are symlinked. Verify 'klist -k' shows
the same keytab version number (KVNO) as your KDC, since creating a new
keytab will wipe out the old one. Other than that, run radiusd under
strace and check to see what keytab file rlm_krb5 is actually trying to
open and what the error is.
Riccardo.Veraldi wrote:
Hello,
I am using freeradius with EAP-TTLS + kereros authentication + ldap
authorization.
Everyhtign works but I have this error:
rlm_krb5: verify_krb_v5_tgt: host key not found : key table erntry not
found
I checked and the permissions on /etc/krb5.keytab are correct...
anyone has a hint for me ?
thanks
Rick
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
