Delete _/etc/shibboleth/attribute-map.xml_ and replace it with:
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:89" id="local-login-user"/>
+ <GSSAPIAttribute name="urn:ietf:params:gss:radius-attribute 89" id="local-login-user"/>
</Attributes>
In this case, 89 corresponds to _Chargeable-User-Identity_, which is mapped to _local-login-user_, which sets the local account that the user will be given access to.
# Any encryption type supported by Kerberos can be defined as the
# last element of the OID arc.
#
- eap-aes128 1.3.6.1.4.1.5322.22.1.17 mech_eap.so
- eap-aes256 1.3.6.1.4.1.5322.22.1.18 mech_eap.so
-
+ eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
+ eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so
+
##Testing Functionality
As mentioned earlier, we will be using the Kerberos test tools to make sure that things are working.<br />
/opt/moonshot/sbin/gss-server host@localhost &
-There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech):
+There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.5.5.15.1.1.18 (as seen in /etc/gss/mech):
/opt/moonshot/bin/gss-client -mech "{1.3.6.1.5.5.15.1.1.18 }" 127.0.0.1 host@localhost bar