[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeradius



On Mon, Sep 02, 2013 at 04:23:52PM +0200, Wolfgang Schweer wrote:
> On Mon, Sep 02, 2013 at 01:53:37PM +0200, Giorgio Pioda wrote:
> > 
> > I'm getting crazy about setting up freeradius for wifi login.
> > 
> > I've followed Wolfgang's tip in the german user group.
> 
> I've posted that in English, too:
> 
> http://lists.debian.org/debian-edu/2012/12/msg00057.html
>  
> > 1) I've set the principal as radius/tjener.intern@INTERN
> > 2) The keytab /etc/krb5.keytab.radius with user and group freerad 0600
> >    and added the key
> > 
> > 3) Conf. according Wolfgang. Still I get strange errors
> >    in debug mode. Freeradius complains about missing REALM, but either
> >    using username or username@INTERN the result is the same error.
> > 
> > 4) About the client setup (network manager). PEAP external is correct,
> >    or I have to choose TLS or other options?
> 
> On the client use EAP-TTLS-PAP, PEAP won't work.
> 
> Good luck. (ATM, I can't test this setup for wheezy...)
> 
> Wolfgang
> 

Thanks, Wolfgang

It's not a language matter since I'm swiss. The two instructions
are pretty similar, out of the preprocess stuff.

What I see in the debug mode is the following error

"krb5_rd_req() failed: Permission denied in replay cache code"

searching around I've found similar problem related with selinux
on fedora machines. AFAIK selinux is NOT active by default in debian,
so I guess the problem should be elsewhere.

I have to add to this report, that testing the login with radtest I see that
using it with passwd that contains special character (like $ # or other
symbols) the output in the line "User-Password" is wrong.

Any idea is wellcome, of course.

Regards

-- 
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48


Reply to: