Radius Authentication

MattAD mattvdwest at hotmail.com
Fri Oct 17 00:27:24 PDT 2008 

Hi Todor,

Thanks, Ive read before that there has to be a user on the local server with
the same name as the windows domain and i have used the man pages for the
configuration, i think the problem lies with the autentication against the
Radius server, or the Radius server itself.

I shall venture forth and try to combat this plague!!! :-P

thanks for the speedy reply btw!

=)

Todor Genov-2 wrote:
> 
> Hi Matt,
> 
> 
> The three important steps here are as follows:
> 
> 1.) Confirm that authentication against the RADIUS server succeeds using
> any command line RADIUS util.
> 
> 2.) configure /etc/radius.conf as per "man pam_radius" and man
> "radius.conf"
> 
> 3.) Add a user on the FreeBSD machine whose name corresponds with the
> Windows domain account (if the name contains spaces then refer to the
> pre-Windows2000 compatible username in AD). This is mandatory as
> pam_radius is only used for authentication. UID, GID, home dir and all
> *nix relevant account parameters are still retrieved from the local user
> database.
> 
>  An alternative to step 3 would be to use the template_user option in
> radius.conf, but this means that all your Windows users will appear to
> the system with same UID/GID as the template_user.
> 
> 
> MattAD wrote:
>> I would just like to know if anyone on earth has been able to get the
>> pam_radius module working on FreeBSD, using a windows domain username
>> through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
>> config looks like so:  
>> 
>> #
>> # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
>> #
>> # PAM configuration for the "sshd" service
>> #
>> 
>> # auth
>> auth            required        pam_nologin.so          no_warn
>> auth            sufficient      pam_opie.so             no_warn
>> no_fake_prompts
>> auth            requisite       pam_opieaccess.so       no_warn
>> allow_local
>> auth            sufficient      pam_radius.so           no_warn
>> try_first_pass
>> #auth           sufficient      pam_krb5.so             no_warn
>> try_first_pass
>> #auth           sufficient      pam_ssh.so              no_warn
>> try_first_pass
>> auth            sufficient      pam_unix.so             no_warn
>> try_first_pass
>> 
>> # account
>> account         required        pam_nologin.so
>> #account        required        pam_krb5.so
>> account         required        pam_login_access.so
>> account         required        pam_unix.so
>> 
>> # session
>> #session        optional        pam_ssh.so
>> session         required        pam_permit.so
>> 
>> # password
>> #password       sufficient      pam_krb5.so             no_warn
>> try_first_pass
>> password        required        pam_unix.so             no_warn
>> try_first_pass
>> 
>> 
>> :confused:
> 
> -- 
> Regards,
> 
> Todor Genov
> Systems Operations
> 
> Verizon Business South Africa (Pty) Ltd
> 
> todor.genov at za.verizonbusiness.com
> Tel: +27 11 235 6500
> Fax: 086 692 0543
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> 
> 

-- 
View this message in context: http://www.nabble.com/Radius-Authentication-tp20013780p20027802.html
Sent from the freebsd-questions mailing list archive at Nabble.com.

More information about the freebsd-questions mailing list