Displaying 3 results from an estimated 3 matches for "krb5_client_ktname".
2016 Dec 20
4
Problem with keytab: "Client not found in Kerberos database"
I finally found it, thanks to a clue from
https://wiki.archlinux.org/index.php/Active_Directory_Integration
This works:
kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$'
These don't work:
kinit -k -t /etc/krb5.keytab
kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net
kinit -k -t /etc/krb5.keytab host/wrn-radtest
That is: the keytab contains three different principals:
root
2016 Dec 20
0
Problem with keytab: "Client not found in Kerberos database"
...ss a cleartext password. (It is possible to use krb5
authentication with TTLS+PAP or TTLS+GTC, both of which send a cleartext
password)
However, I'm not actually at that point yet. First I'm configuring
freeradius to do the LDAP query. To do this I'm setting environment
variables:
KRB5_CLIENT_KTNAME=/etc/krb5.keytab
KRB5CCNAME=MEMORY:
Using KRB5_CLIENT_KTNAME means that the Kerberos library will
automatically fetch and renew tickets when required. And I'm telling it
to use the in-process MEMORY cache to hold those tickets.
Aside: there is a nasty failure mode if you don't do it like...
2018 Oct 09
2
Samba and Freeradius...
Hello,
Wiki entry was based on my mail to this list, sorry if I was not clear
enough. I'm glad you figured it out yourself,
Regards,
Kacper
On 09.10.2018 at 17:21, Marco Gaiarin via samba wrote:
>> Does someone have some hints? Thanks.
> ...I reply to myself.
>
> Indeed the option 'ntlm auth = mschapv2-and-ntlmv2-only' (4.7+) or 'ntlm auth =
> yes'