[Freeipa-users] freeipa radius cisco

John Dennis jdennis at redhat.com
Wed Jan 16 17:13:57 UTC 2013


On 01/16/2013 11:44 AM, Han Boetes wrote:
> This might be somewhat off-topic but I'll ask anyway.
>
> First my questions:
>
> How do I get the cisco device -- a 3750 with the latest software image
> -- to use EAP-TTLS and what am I missing for the rest.

Sorry, I can't help you with cisco configuration, maybe others can. But 
I can help with FreeRADIUS.

> # Executing group from file /etc/raddb//sites-enabled/default
> +- entering group Kerberos {...}
> rlm_krb5: [hb] krb5_sname_to_principal failed: Hostname cannot be

It's failing because it's finding a bogus value for the service 
principal. This is configured in /etc/raddb/modules/krb5, by default it's

krb5 {
	keytab = /path/to/keytab
	service_principal = name_of_principle
}

How did you configure these?


-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/




More information about the Freeipa-users mailing list