Date:      Mon, 27 Mar 2006 19:00:05 +0100 (BST)
From:      Vince Hoffman <jhary@unsane.co.uk>
To:        Aymeric MUNTZ <aymeric.muntz@free.fr>
Cc:        freebsd-net@freebsd.org
Subject:   Re: PAM + radius
Message-ID:  <20060327184715.H80871@unsane.co.uk>
In-Reply-To: <MAEBLPAGHGPMOKCBICBNOEGJCKAA.aymeric.muntz@free.fr>
References:  <MAEBLPAGHGPMOKCBICBNOEGJCKAA.aymeric.muntz@free.fr>


On Mon, 27 Mar 2006, Aymeric MUNTZ wrote:

> Hello,
>
> I'm trying to set authentication against Radius on my box.
> I modified my /etc/pam.d/telnetd file for:
> ___
> |auth            required        pam_radius.so conf=/etc/radius.conf
> |account         required        pam_radius.so
> |session         required        pam_lastlog.so          no_fail
> |password        required        pam_radius.so           no_warn try_first_pass
> |___
>
> It seems that it does nothing.
>
> 	1) How can I set it correctly working?
> 	2) How do I define users and groups? I guess that it is not enough to set
> it in the radius server. Moreover, I don't want to grant access to every
> user in my radius database.

Unfortunately it's just PAM radius, not nss radius, so you will need to
define all your users and groups on the local machine. The alternative is
to use NIS (never looked into it) or LDAP (FreeBSD has nss_ldap and
pam_ldap in ports). Otherwise, with local users created, set up
/etc/radius.conf with the correct info (mine looks like this)

auth    12.23.34.45:1645      "FAKEradiusKEY" 4 5

and add a line like

auth            sufficient      pam_radius.so           no_warn try_first_pass

to the relevant pam file. I use it so I can authenticate against an RSA 
ACE server.

>
> Do you know a good documentation about that?
A good read of man radius.conf and man pam_radius should be enough.
Otherwise Google is your friend.

cheers,
Vince
>
> Thanks
> Cheers
>
> Alex
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
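
An added example, not part of the original message or of FreeBSD's own code: a Python check that parses the /etc/radius.conf line format shown in the reply and reports hardening findings for it. The field names timeout and max_tries are assumed from radius.conf(5); the function names, the shlex-based quoting rules and the 16-character threshold (RFC 2865 prefers secrets of at least 16 octets) are choices made for this example.

```python
import shlex

LEGACY_AUTH_PORT = 1645  # pre-IANA RADIUS auth port; 1812 is the assigned one

def parse_radius_conf(text):
    """Parse radius.conf-style lines: type host[:port] secret [timeout [max_tries]]."""
    servers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: shlex quoting and '#' comments approximate the real parser.
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if len(fields) < 3 or fields[0] not in ("auth", "acct"):
            raise ValueError(f"line {lineno}: expected 'auth|acct host secret ...'")
        host, _, port = fields[1].partition(":")
        # Optional numeric fields; None when the line leaves them out.
        numbers = [int(f) for f in fields[3:5]] + [None, None]
        servers.append({
            "type": fields[0], "host": host,
            "port": int(port) if port else None,
            "secret": fields[2],
            "timeout": numbers[0], "max_tries": numbers[1],
        })
    return servers

def audit(servers, file_mode):
    """Return hardening findings for parsed entries and the file's permission bits."""
    findings = []
    if file_mode & 0o077:
        findings.append("file is accessible to group/other; shared secret is exposed")
    for s in servers:
        if s["type"] == "auth" and s["port"] == LEGACY_AUTH_PORT:
            findings.append(f"{s['host']}: legacy auth port 1645; confirm the server's port")
        if len(s["secret"]) < 16:
            findings.append(f"{s['host']}: shared secret shorter than 16 characters")
    return findings

# Constructed sample: the line quoted in the message above.
SAMPLE = 'auth    12.23.34.45:1645      "FAKEradiusKEY" 4 5\n'

if __name__ == "__main__":
    for finding in audit(parse_radius_conf(SAMPLE), 0o644):
        print(finding)
```

On a real host, pass `os.stat("/etc/radius.conf").st_mode` as `file_mode` and the file's contents as `text`.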


