Re: 802.1x kerberos

2007-10-16 Thread Phil Mayers
On Mon, 2007-10-15 at 12:22 -0400, Lisa Besko wrote: Alan DeKok wrote: DEFAULT Auth-Type := Kerberos Fall-Through = 1 An earlier message in this thread said Auth-Type = Kerberos. What you have above is different. And herein lies the problem. I just went back and

Re: 802.1x kerberos

2007-10-15 Thread Lisa Besko
Alan DeKok wrote: DEFAULT Auth-Type := Kerberos Fall-Through = 1 An earlier message in this thread said Auth-Type = Kerberos. What you have above is different. And herein lies the problem. I just went back and tested this. I had been working with Walt Reynolds on the issue

Re: 802.1x kerberos

2007-10-12 Thread Alan DeKok
Lisa Besko wrote: Thanks for the help so far. Part of the problem is we have probably tried so many things we probably messed something up along the way and don't remember what it is. Stop right there. If you don't keep track of what you're doing, you will NEVER get it to work. Throw away

Re: 802.1x kerberos

2007-10-12 Thread Alan DeKok
Giobbi Piero wrote: Saw this in the list and I always wondered how to test this, how do you do it? I don't have any devices that use EAP so.. If I don't have devices using EAP, I don't test EAP. Otherwise, I use real devices (i.e. laptops and AP's) that do EAP. Or, if I'm in a hurry,

Re: 802.1x kerberos

2007-10-12 Thread Giobbi Piero
Hi. Saw this in the list and I always wondered how to test this, how do you do it? I don't have any devices that use EAP so.. 5) validate that EAP-TTLS works with username/password bob and bob thx.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 802.1x kerberos (Fixed Subject Line)

2007-10-12 Thread Reynolds, Walter
Yes Ivan, I apologize for pasting an incomplete image command from my test machine. --- Walt Reynolds Principal Systems Security Development Engineer Information Technology Central Services University of Michigan (734) 615-9438 -Original Message- Date: Fri, 12 Oct 2007 15:26:50 +0100

Re: 802.1x kerberos

2007-10-12 Thread tnt
This will work on almost anything: http://jradius.net/wiki/index.php/JRadiusSimulator Ivan Kalik Kali Informatika ISP On 12/10/2007, Giobbi Piero [EMAIL PROTECTED] wrote: Hi. Saw this in the list and I always wondered how to test this, how do you do it? I don't have any devices that use

Re: 802.1x kerberos

2007-10-11 Thread Lisa Besko
It works w/o EAP. I can do a radtest with a valid userid and password on the kerberos server and get authorized (and not get authorized with bad information). I can get EAP-TTLS to work if I put a user and a password in the radius users file but that's not what we want. We need the kerberos

Re: 802.1x kerberos

2007-10-11 Thread A . L . M . Buxey
Hi, It works w/o EAP. I can do a radtest with a valid userid and password on the kerberos server and get authorized (and not get authorized with bad information). right I can get EAP-TTLS to work if I put a user and a password in the radius users file but that's not what we want. We

Re: 802.1x kerberos

2007-10-11 Thread tnt
Can you post the debug (radiusd -X) for the same user with and without EAP (using Kerberos - no users file entry)? Ivan Kalik kalik Informatika ISP On 11/10/2007, Lisa Besko [EMAIL PROTECTED] wrote: It works w/o EAP. I can do a radtest with a valid userid and password on the kerberos server

Re: 802.1x kerberos

2007-10-11 Thread Reynolds, Walter
Oct 11 10:01:03 2007 : Auth: rlm_krb5: [UserName] krb5_g_i_t_w_p failed: Decrypt integrity check failed Has anyone else seen this or have suggestions for me on this? Date: Thu, 11 Oct 2007 15:00:39 +0100 From: [EMAIL PROTECTED] Subject: Re: 802.1x kerberos To: FreeRadius users mailing list

Re: 802.1x kerberos

2007-10-11 Thread Lisa Besko
Thanks for the help so far. Part of the problem is we have probably tried so many things we probably messed something up along the way and don't remember what it is. I think I have all the right stuff in the config files. I'll do a little cut and paste here and maybe you will spot something I

Re: 802.1x kerberos

2007-10-11 Thread Kenneth Marshall
On Thu, Oct 11, 2007 at 11:28:36AM -0400, Lisa Besko wrote: Thanks for the help so far. Part of the problem is we have probably tried so many things we probably messed something up along the way and don't remember what it is. I think I have all the right stuff in the config files. I'll do a

Re: 802.1x kerberos

2007-10-11 Thread Lisa Besko
Having made no changes to the config but using radtest from the command line this is the debug output using kerberos but not EAP: rad_recv: Access-Request packet from host 127.0.0.1:49649, id=40, length=65 User-Name = [EMAIL PROTECTED] User-Password =

Re: 802.1x kerberos

2007-10-11 Thread tnt
] krb5_g_i_t_w_p failed: Decrypt integrity check failed Has anyone else seen this or have suggestions for me on this? Date: Thu, 11 Oct 2007 15:00:39 +0100 From: [EMAIL PROTECTED] Subject: Re: 802.1x kerberos To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID

Re: 802.1x kerberos

2007-10-11 Thread tnt
rad_recv: Access-Request packet from host 127.0.0.1:49649, id=40, length=65 User-Name = [EMAIL PROTECTED] User-Password = NAS-IP-Address = 255.255.255.255 NAS-Port = 0 .. users: Matched entry DEFAULT at line 5 === modcall[authorize]:

802.1x kerberos

2007-10-10 Thread Lisa Besko
Is there a way to do 802.1x with Kerberos authentication using Freeradius? If there is, can anyone point me in the right direction? We have been trying eap-ttls most recently with very little luck but everything I have read says this should be possible. What are we missing? Thanks, LB -

Re: 802.1x kerberos

2007-10-10 Thread tnt
It should be. Use EAP-TTLS/PAP and configure kerberos module in radiusd.conf: http://wiki.freeradius.org/index.php/Rlm_krb5 Make sure that it works without EAP first. Ivan Kalik Kalik Informatika ISP On 10/10/2007, Lisa Besko [EMAIL PROTECTED] wrote: Is there a way to do 802.1x with