
Currently I am trying to get my FreeRadius server to talk to my FreeIPA server, and through some Googling I discovered I need to have FreeRadius talk to Kerberos in order to do user lookups. So I made a Krb5 file located at /etc/raddb/mods-enabled/Krb5 with the following:

```
krb5 {
    keytab = /etc/raddb/radius.keytab
    service_principal = radius/resolute.akr.iol.unh.edu
}
```

I have created the keytab and that principal does exist on FreeIPA.

Now the main issue I am having is when I go to run FreeRadius with this command to test it:

```
radiusd -X
```

I get this error message:

```
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
  # Instantiating module "krb5" from file /etc/raddb/mods-enabled/krb5
Using MIT Kerberos library
rlm_krb5 (krb5): Using service principal "radius/resolute.akr.iol.unh.edu@AKR.IOL.UNH.EDU"
rlm_krb5 (krb5): Using keytab "FILE:/etc/raddb/radius.keytab"
rlm_krb5 (krb5): Initialising connection pool
   pool {
        start = 5
        min = 5
        max = 10
        spare = 3
        uses = 0
        lifetime = 0
        cleanup_interval = 30
        idle_timeout = 60
        retry_delay = 1
        spread = no
   }
rlm_krb5 (krb5): Opening additional connection (0), 1 of 10 pending slots used
rlm_krb5 (krb5): Opening additional connection (1), 1 of 9 pending slots used
rlm_krb5 (krb5): Opening additional connection (2), 1 of 8 pending slots used
rlm_krb5 (krb5): Opening additional connection (3), 1 of 7 pending slots used
rlm_krb5 (krb5): Opening additional connection (4), 1 of 6 pending slots used
 } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
 # Loading authenticate {...}
/etc/raddb/sites-enabled/default[53]: Failed to find "Krb5" as a module or policy.
/etc/raddb/sites-enabled/default[53]: Please verify that the configuration exists in /etc/raddb/mods-enabled/Krb5.
/etc/raddb/sites-enabled/default[53]: Failed to parse "Krb5" entry.
```

There is much more to this output, but I just put what I think was important.

As you can see, on the last three lines it says the configuration file does not exist, but it clearly does. Another odd thing is that if you look at the top few lines, it even reads from the Krb5 file and outputs its contents. So unless I am missing something, I do not understand what is wrong here and why it keeps failing with this error even though the file exists.

Adam

1 Answer

Looks like it's a capitalisation issue. You're listing the Kerberos module as Krb5, but the instance name is krb5.

Arran Cudbard-Bell
  • I thought that as well, but after changing its capitalization I still get the same error. – Adam Dec 10 '19 at 17:53
  • Oh wait, you are correct. I needed to set the case on all things with krb5 in them. Thanks. – Adam Dec 10 '19 at 22:52
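
The case mismatch described in the answer can be caught before starting radiusd. The following is an added example, not part of the original thread and not FreeRADIUS code: a Python check that compares module references in a virtual server against the instance names defined in mods-enabled, case-sensitively. The sample configuration text is constructed, and the parsing is simplified on the assumption that module blocks start unindented and references are indented bare words.

```python
import re

# Top-level "module [instance] {" line in a mods-enabled file (assumed unindented).
INSTANCE_RE = re.compile(r"^([\w.-]+)(?:\s+([\w.-]+))?\s*\{")
# Indented bare word on its own line: a module reference inside a section.
REFERENCE_RE = re.compile(r"^\s+([\w.-]+)\s*$")

# Constructed sample input, modelled on the configuration in the question.
MODS = ["krb5 {\n    keytab = /etc/raddb/radius.keytab\n}\n",
        "ldap {\n    server = 'ldap.example.org'\n}\n"]
SITE = """\
authenticate {
    Auth-Type Kerberos {
        Krb5
    }
    Auth-Type LDAP {
        ldap
    }
}
"""

def instance_names(mod_texts):
    """Instance name is the second word of the block header if present, else the first."""
    names = set()
    for text in mod_texts:
        for line in text.splitlines():
            m = INSTANCE_RE.match(line)
            if m:
                names.add(m.group(2) or m.group(1))
    return names

def check_references(site_text, names):
    """Return (line number, reference, verdict, suggested name) per reference."""
    by_lower = {n.lower(): n for n in names}
    results = []
    for lineno, line in enumerate(site_text.splitlines(), 1):
        m = REFERENCE_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref in names:                      # exact, case-sensitive match
            results.append((lineno, ref, "ok", None))
        elif ref.lower() in by_lower:         # differs only by case
            results.append((lineno, ref, "case-mismatch", by_lower[ref.lower()]))
        else:                                 # may be a policy or a missing module
            results.append((lineno, ref, "unknown", None))
    return results

if __name__ == "__main__":
    for row in check_references(SITE, instance_names(MODS)):
        print(row)
```

A reference reported as `unknown` is not necessarily an error, since it may name a policy rather than a module instance.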