Radius Authentication
Todor Genov
todor.genov at za.verizonbusiness.com
Thu Oct 16 18:06:38 PDT 2008
Hi Matt,
The three important steps here are as follows:
1.) Confirm that authentication against the RADIUS server succeeds using
any command line RADIUS util.
2.) Configure /etc/radius.conf as per "man pam_radius" and "man radius.conf".
3.) Add a user on the FreeBSD machine whose name corresponds with the
Windows domain account (if the name contains spaces then refer to the
pre-Windows2000 compatible username in AD). This is mandatory as
pam_radius is only used for authentication. UID, GID, home dir and all
*nix relevant account parameters are still retrieved from the local user
database.
An alternative to step 3 would be to use the template_user option in
radius.conf, but this means that all your Windows users will appear to
the system with the same UID/GID as the template_user.
MattAD wrote:
> I would just like to know if anyone on earth has been able to get the
> pam_radius module working on FreeBSD, using a windows domain username
> through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
> config looks like so:
>
> #
> # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
> #
> # PAM configuration for the "sshd" service
> #
>
> # auth
> auth required pam_nologin.so no_warn
> auth sufficient pam_opie.so no_warn no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> auth sufficient pam_radius.so no_warn try_first_pass
> #auth sufficient pam_krb5.so no_warn try_first_pass
> #auth sufficient pam_ssh.so no_warn try_first_pass
> auth sufficient pam_unix.so no_warn try_first_pass
>
> # account
> account required pam_nologin.so
> #account required pam_krb5.so
> account required pam_login_access.so
> account required pam_unix.so
>
> # session
> #session optional pam_ssh.so
> session required pam_permit.so
>
> # password
> #password sufficient pam_krb5.so no_warn try_first_pass
> password required pam_unix.so no_warn try_first_pass
>
>
> :confused:
--
Regards,
Todor Genov
Systems Operations
Verizon Business South Africa (Pty) Ltd
todor.genov at za.verizonbusiness.com
Tel: +27 11 235 6500
Fax: 086 692 0543
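
A preflight check for steps 2 and 3 of the reply above, as an added example that is not part of the original message. The function names are hypothetical, the parser assumes radius.conf lines in the service-type form from radius.conf(5) (`auth host secret ...`), and the file-mode check is an addition motivated by the shared secret stored in that file.

```shell
#!/bin/sh
# Added example (not from the original thread). File locations are
# parameters so the checks can be tried on copies of the real files.

# Step 2: radius.conf holds the shared secret, so "other" must not read it.
conf_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Step 2: count active "auth" server lines (type, host, secret at minimum).
# Assumption: the service-type form of radius.conf(5) is in use.
count_auth_servers() {
    awk '!/^[[:space:]]*#/ && $1 == "auth" && NF >= 3 { n++ }
         END { print n + 0 }' "$1"
}

# Step 3: the login name must exist locally, because pam_radius only
# authenticates and UID, GID and home directory come from the local database.
has_local_user() {   # usage: has_local_user NAME PASSWD_FILE
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# The PAM service file needs an uncommented auth line loading pam_radius.
pam_radius_enabled() {
    awk '!/^[[:space:]]*#/ && $1 == "auth" && $3 ~ /pam_radius\.so/ { f = 1 }
         END { exit !f }' "$1"
}

# usage: preflight USER [RADIUS_CONF] [PASSWD_FILE] [PAM_FILE]
preflight() {
    user=$1 conf=${2:-/etc/radius.conf}
    pw=${3:-/etc/passwd} pam=${4:-/etc/pam.d/sshd}
    rc=0
    conf_is_private "$conf" ||
        { echo "FAIL: $conf missing or world-readable"; rc=1; }
    [ "$(count_auth_servers "$conf" 2>/dev/null)" -ge 1 ] 2>/dev/null ||
        { echo "FAIL: no auth server line in $conf"; rc=1; }
    has_local_user "$user" "$pw" ||
        { echo "FAIL: no local account named $user"; rc=1; }
    pam_radius_enabled "$pam" ||
        { echo "FAIL: pam_radius not active in $pam"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: local prerequisites for $user are in place"
    return "$rc"
}
```

Source the file and run `preflight matt` on the FreeBSD host; it covers only the local prerequisites, so step 1 (a successful test against the RADIUS server itself) still has to be done separately.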
More information about the freebsd-questions mailing list