PAM + radius
Vince Hoffman
jhary at unsane.co.uk
Mon Mar 27 18:00:53 UTC 2006
On Mon, 27 Mar 2006, Aymeric MUNTZ wrote:
> Hello,
>
> I'm trying to set authentication against Radius on my box.
> I modified my /etc/pam.d/telnetd file for:
> ___
> |auth required pam_radius.so conf=/etc/radius.conf
> |account required pam_radius.so
> |session required pam_lastlog.so no_fail
> |password required pam_radius.so no_warn
> try_first_pass
> |___
>
> It seams that id does nothing.
>
> 1) How can I set it correctly working?
> 2) How do I define users and groups? I guess that it is not enough
to set
> it in the radius server. Moreover, I don't want to grant access to every
> user in my radius database.
Unfortunately its just PAM radius not nss radius so you will need to
define all your users and groups on the local machine. The alternative is
to use nis (never looked into it) or ldap( freebsd has nss_ldap and
pam_ldap in ports.) Otherwise with local users created, setup
/etc/radius.conf
with the correct info (mine looks like this)
auth 12.23.34.45:1645 "FAKEradiusKEY" 4 5
and add a line like
auth sufficient pam_radius.so no_warn
try_first_pass
to the relevent pam file. I use it so I can authenticate against an RSA
ACE server.
>
> Do you know a good documentation about that?
A good read of man radius.conf and man pam_radius should be enough.
otherwise google is your friend.
cheers,
Vince
>
> Thanks
> Cheers
>
> Alex
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-net
mailing list