search for: rlm_krb5

...> >/ > /> How did you 'fix' > > >this, on face value, there is nothing wrong with that line. > > > "imdap" is not "idmap" > > (so now you understand why I missed it after staring at it so long :-) Oh yes ;-) > I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi > authentication. The krb5 module requires a cleartext password, but > MSCHAP does not pass a cleartext password. (It is possible to use > krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a > cleartext password) You might w...

Gssapi is failing at the following statement in sshconnect2.c, ok never gets set to 1:: ssh_gssapi_check_mechanism fails /* Check to see if the mechanism is usable before we offer it */ while (mech < gss_supported->count && !ok) { /* My DER encoding requires length<128 */ if (gss_supported->elements[mech].length < 128 &&

I finally found it, thanks to a clue from https://wiki.archlinux.org/index.php/Active_Directory_Integration This works: kinit -k -t /etc/krb5.keytab 'WRN-RADTEST$' These don't work: kinit -k -t /etc/krb5.keytab kinit -k -t /etc/krb5.keytab host/wrn-radtest.ad.example.net kinit -k -t /etc/krb5.keytab host/wrn-radtest That is: the keytab contains three different principals: root

On 20/12/2016 14:10, Rowland Penny wrote: >> I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi >> authentication. The krb5 module requires a cleartext password, but >> MSCHAP does not pass a cleartext password. (It is possible to use >> krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a >> cleartext password...

...create a realm to strip the "host/"? > Any help would be appreciated!!! > Thanks, > jamie > > > make clean > > ./configure --configure --with-raddbdir=/etc/radius > --with-logdir=/var/log/radius --disable-snmp --without-rlm_sql > --without-rlm_ldap --without-rlm_krb5 > > make > > make install > > modcall: entering group Auth-Type for request 6 > rlm_mschap: No User-Password configured. Cannot create LM-Password. > rlm_mschap: No User-Password configured. Cannot create NT-Password. > rlm_mschap: Told to do MS-CHAPv2 for host/IS...

...Ah cool, yes that does happen now. L.P.H. van Belle wrote: > This is what i found, dont know if thats exact what your looking for. > > ( module ) > krb5 { > keytab = /etc/freeradius/keytab > service_principal = radius/radius.example.com > } I can't use rlm_krb5, because I plan to use PEAP+MSCHAP for wifi authentication. The krb5 module requires a cleartext password, but MSCHAP does not pass a cleartext password. (It is possible to use krb5 authentication with TTLS+PAP or TTLS+GTC, both of which send a cleartext password) However, I'm not actually...