Radius Authentication
MattAD
mattvdwest at hotmail.com
Fri Oct 17 00:27:24 PDT 2008
Hi Todor,
Thanks, Ive read before that there has to be a user on the local server with
the same name as the windows domain and i have used the man pages for the
configuration, i think the problem lies with the autentication against the
Radius server, or the Radius server itself.
I shall venture forth and try to combat this plague!!! :-P
thanks for the speedy reply btw!
=)
Todor Genov-2 wrote:
>
> Hi Matt,
>
>
> The three important steps here are as follows:
>
> 1.) Confirm that authentication against the RADIUS server succeeds using
> any command line RADIUS util.
>
> 2.) configure /etc/radius.conf as per "man pam_radius" and man
> "radius.conf"
>
> 3.) Add a user on the FreeBSD machine whose name corresponds with the
> Windows domain account (if the name contains spaces then refer to the
> pre-Windows2000 compatible username in AD). This is mandatory as
> pam_radius is only used for authentication. UID, GID, home dir and all
> *nix relevant account parameters are still retrieved from the local user
> database.
>
> An alternative to step 3 would be to use the template_user option in
> radius.conf, but this means that all your Windows users will appear to
> the system with same UID/GID as the template_user.
>
>
> MattAD wrote:
>> I would just like to know if anyone on earth has been able to get the
>> pam_radius module working on FreeBSD, using a windows domain username
>> through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
>> config looks like so:
>>
>> #
>> # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
>> #
>> # PAM configuration for the "sshd" service
>> #
>>
>> # auth
>> auth required pam_nologin.so no_warn
>> auth sufficient pam_opie.so no_warn
>> no_fake_prompts
>> auth requisite pam_opieaccess.so no_warn
>> allow_local
>> auth sufficient pam_radius.so no_warn
>> try_first_pass
>> #auth sufficient pam_krb5.so no_warn
>> try_first_pass
>> #auth sufficient pam_ssh.so no_warn
>> try_first_pass
>> auth sufficient pam_unix.so no_warn
>> try_first_pass
>>
>> # account
>> account required pam_nologin.so
>> #account required pam_krb5.so
>> account required pam_login_access.so
>> account required pam_unix.so
>>
>> # session
>> #session optional pam_ssh.so
>> session required pam_permit.so
>>
>> # password
>> #password sufficient pam_krb5.so no_warn
>> try_first_pass
>> password required pam_unix.so no_warn
>> try_first_pass
>>
>>
>> :confused:
>
> --
> Regards,
>
> Todor Genov
> Systems Operations
>
> Verizon Business South Africa (Pty) Ltd
>
> todor.genov at za.verizonbusiness.com
> Tel: +27 11 235 6500
> Fax: 086 692 0543
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
>
--
View this message in context: http://www.nabble.com/Radius-Authentication-tp20013780p20027802.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
More information about the freebsd-questions
mailing list