Re: PAM + radius



On Mon, 27 Mar 2006, Aymeric MUNTZ wrote:

Hello,

I'm trying to set authentication against Radius on my box.
I modified my /etc/pam.d/telnetd file for:
___
|auth required pam_radius.so conf=/etc/radius.conf
|account required pam_radius.so
|session required pam_lastlog.so no_fail
|password required pam_radius.so no_warn
try_first_pass
|___

It seams that id does nothing.

1) How can I set it correctly working?
2) How do I define users and groups? I guess that it is not enough
to set
it in the radius server. Moreover, I don't want to grant access to every

user in my radius database.
Unfortunately its just PAM radius not nss radius so you will need to define all your users and groups on the local machine. The alternative is to use nis (never looked into it) or ldap( freebsd has nss_ldap and pam_ldap in ports.) Otherwise with local users created, setup /etc/radius.conf with the correct info (mine looks like this)
auth 12.23.34.45:1645 "FAKEradiusKEY" 4 5

and add a line like
auth sufficient pam_radius.so no_warn try_first_pass

to the relevent pam file. I use it so I can authenticate against an RSA ACE server.


Do you know a good documentation about that?
A good read of man radius.conf and man pam_radius should be enough.
otherwise google is your friend.

cheers,
Vince

Thanks
Cheers

Alex

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"