Adrian Czapek wrote: > Hello, > I wonder if it is possible to configure freeradius to authenticate > default windows supplicants (offering PEAP only method) to authenticate > users in wired network against kerberos. > I have working configuration - freeradius can succesfully authenticate > users against kerberos using DEFULT Auth-Type = Kerberos in users file:
Kerberos is incompatible with PEAP. http://deployingradius.com/documents/protocols/compatibility.html > Now I would like to protect ethernet network with 802.1x protocol. I am > stuck, because I don't have User-Password inside of the PEAP tunnel (I > know the reason why I don;t have that password there, no need to explain > :)) which is needed for kerberos module. > Is there any other method to get it working ? I've googled out some info > about using ttls tunnel instead of peap, but I have no idea how to force > windows supplicants to do so. Change the supplicant to use EAP-GTC. That might work. Otherwise, it's impossible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html