On Mon, Sep 02, 2013 at 04:23:52PM +0200, Wolfgang Schweer wrote:
> On Mon, Sep 02, 2013 at 01:53:37PM +0200, Giorgio Pioda wrote:
> > I'm getting crazy about setting up freeradius for wifi login.
> > I've followed Wolfgang's tip in the German user group.
> I've posted that in English, too:
> > 1) I've set the principal as radius/tjener.intern@INTERN
> > 2) The keytab /etc/krb5.keytab.radius with user and group freerad 0600
> > and added the key
> > 3) Conf. according to Wolfgang. Still I get strange errors
> > in debug mode. Freeradius complains about missing REALM, but either
> > using username or username@INTERN the result is the same error.
> > 4) About the client setup (network manager). Is PEAP external correct,
> > or do I have to choose TLS or other options?
> On the client use EAP-TTLS-PAP, PEAP won't work.
> Good luck. (ATM, I can't test this setup for wheezy...)
It's not a language matter since I'm Swiss. The two instructions
are pretty similar, apart from the preprocess stuff.
What I see in debug mode is the following error:
"krb5_rd_req() failed: Permission denied in replay cache code"
Searching around, I've found similar problems related to SELinux
on Fedora machines. AFAIK SELinux is NOT active by default in Debian,
so I guess the problem should be elsewhere.
I have to add to this report that, testing the login with radtest, I see that
when using it with a passwd that contains special characters (like $ # or other
symbols), the output in the line "User-Password" is wrong.
Any idea is welcome, of course.
Giorgio Pioda - Sysadmin SPSE-Tenero
Cell +41 79 629 20 63
Uff. +41 91 735 62 48