Re: Radius Authentication
- From: MattAD <mattvdwest@xxxxxxxxxxx>
- Date: Fri, 17 Oct 2008 00:27:22 -0700 (PDT)
Hi Todor,
Thanks, I've read before that there has to be a user on the local server with
the same name as the Windows domain and I have used the man pages for the
configuration, I think the problem lies with the authentication against the
Radius server, or the Radius server itself.
I shall venture forth and try to combat this plague!!! :-P
Thanks for the speedy reply btw!
=)
Todor Genov-2 wrote:
Hi Matt,
The three important steps here are as follows:
1.) Confirm that authentication against the RADIUS server succeeds using
any command line RADIUS util.
2.) Configure /etc/radius.conf as per "man pam_radius" and
"man radius.conf"
3.) Add a user on the FreeBSD machine whose name corresponds with the
Windows domain account (if the name contains spaces then refer to the
pre-Windows2000 compatible username in AD). This is mandatory as
pam_radius is only used for authentication. UID, GID, home dir and all
*nix relevant account parameters are still retrieved from the local user
database.
An alternative to step 3 would be to use the template_user option in
radius.conf, but this means that all your Windows users will appear to
the system with the same UID/GID as the template_user.
MattAD wrote:
I would just like to know if anyone on earth has been able to get the
pam_radius module working on FreeBSD, using a Windows domain username
through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
config looks like so:
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the "sshd" service
#
# auth
auth       required     pam_nologin.so     no_warn
auth       sufficient   pam_opie.so        no_warn no_fake_prompts
auth       requisite    pam_opieaccess.so  no_warn allow_local
auth       sufficient   pam_radius.so      no_warn try_first_pass
#auth      sufficient   pam_krb5.so        no_warn try_first_pass
#auth      sufficient   pam_ssh.so         no_warn try_first_pass
auth       sufficient   pam_unix.so        no_warn try_first_pass
# account
account    required     pam_nologin.so
#account   required     pam_krb5.so
account    required     pam_login_access.so
account    required     pam_unix.so
# session
#session   optional     pam_ssh.so
session    required     pam_permit.so
# password
#password  sufficient   pam_krb5.so        no_warn try_first_pass
password   required     pam_unix.so        no_warn try_first_pass
:confused:
--
Regards,
Todor Genov
Systems Operations
Verizon Business South Africa (Pty) Ltd
todor.genov@xxxxxxxxxxxxxxxxxxxxxx
Tel: +27 11 235 6500
Fax: 086 692 0543
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@xxxxxxxxxxx"
--
View this message in context: http://www.nabble.com/Radius-Authentication-tp20013780p20027802.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
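Added example, not part of the original messages: a preflight check for steps 2 and 3 of the procedure quoted above, run over the text of /etc/radius.conf, /etc/pam.d/sshd and /etc/passwd. The sample host, secret and user are constructed, the radius.conf field order follows radius.conf(5), and the function names are hypothetical; the check also flags pam.d lines that do not parse, such as an option word wrapped onto its own line.

```python
import shlex
FACILITIES = {"auth", "account", "session", "password"}

# Constructed sample inputs (not from the thread); host, secret and user are placeholders.
RADIUS_CONF = 'auth radius.example.test "constructed secret" 3 2\n'
PAM_SSHD = """\
auth required pam_nologin.so no_warn
auth sufficient pam_radius.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
"""
PASSWD = "root:*:0:0:Charlie &:/root:/bin/csh\nmattv:*:1001:1001:Matt:/home/mattv:/bin/sh\n"

def radius_auth_hosts(conf):
    """Hosts of 'auth' entries; fields are service-type, server-host, shared-secret, ..."""
    hosts = []
    for line in conf.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            fields = shlex.split(line)  # the shared secret may be quoted
            if len(fields) >= 3 and fields[0] == "auth":
                hosts.append(fields[1])
    return hosts

def pam_lines(text):
    """Split active pam.d lines into (entries, malformed lines)."""
    good, bad = [], []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:  # malformed: no known facility first, or fewer than three fields
            (good if fields[0] in FACILITIES and len(fields) >= 3 else bad).append(fields)
    return good, bad

def preflight(user, radius_conf, pam_sshd, passwd):
    """Return a list of problems; an empty list means steps 2 and 3 look complete."""
    problems = []
    if not radius_auth_hosts(radius_conf):
        problems.append("radius.conf has no auth server entry")
    good, bad = pam_lines(pam_sshd)
    if not any(f[0] == "auth" and f[2].startswith("pam_radius") for f in good):
        problems.append("pam_radius is not in the sshd auth stack")
    if bad:
        problems.append("pam.d/sshd has %d malformed line(s)" % len(bad))
    if " " in user:
        problems.append("user name contains a space; use the pre-Windows 2000 name")
    elif user not in {l.split(":", 1)[0] for l in passwd.splitlines() if l}:
        problems.append("no local account named %r" % user)
    return problems

if __name__ == "__main__":
    print(preflight("mattv", RADIUS_CONF, PAM_SSHD, PASSWD) or "ok")
```

An empty result only means the files are consistent with steps 2 and 3; step 1, a successful authentication against the RADIUS server itself, still has to be confirmed separately.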