1 # Preparing to use Moonshot
3 First, look at the mech file in the mech_eap directory of the source tree. Copy this file to /etc/gss/mech (or on Debian/Ubuntu systems /usr/etc/gss/mech). The Debian path is a bug that will be fixed; this page will be updated after.
5 Then, create a symlink from /usr/lib/gss/mech_eap.so to the installed mech_eap.so. Are you getting the feeling you're running down some untested code paths here yet?
7 On Debian systems make sure /usr/lib/freeradius is in your default linker search path. Perhaps edit /etc/ld.so.conf and run ldconfig. Yes, that too is a bug.
9 Create a radsec.conf in $prefix/etc/radsec.conf.
11 Create a valid freeradius dictionary in $prefix/share/freeradius/dictionary. This may be a bug as well.
13 # Configuring Kerberos
15 Configure Kerberos, you ask? But I'm not using Kerberos!
16 True, but the Kerberos library is kind of self-centered at the moment and doesn't believe anyone would ever want to not use Kerberos.
17 So, it requires that servers be able to set up Kerberos even if they never use it.
18 Please see also a bug.
19 So you want something like
21 Contents of /etc/krb5.conf:
24 default_realm = YOUR_DOMAIN_ALL_CAPS
28 addprinc --password -p host/hostname.your_domain@YOUR_DOMAIN_ALL_CAPS -k 1 -e aes256-cts
30 Enter a password of your choice
35 Then <code>chmod a+r /etc/krb5.keytab</code>. Note that would be a very bad thing to do if you actually were using Kerberos. It may still be a bad thing to do if you have services enabled that can potentially use Kerberos.
37 # Configuring libradsec
39 cat > $prefix/etc/radsec.conf << EOF
43 hostname = "127.0.0.1"
50 $secret is the secret you share with the radius server, i.e. the "secret" entry in FreeRADIUS configuration "client" clause.
projects / devwiki.git / blob