Date: Fri, 17 Oct 2008 05:00:08 +0200 From: Peter Boosten <peter@boosten.org> Cc: freebsd-questions@freebsd.org Subject: Re: Radius Authentication Message-ID: <48F7FFB8.20209@boosten.org> In-Reply-To: <20013780.post@talk.nabble.com> References: <20013780.post@talk.nabble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
MattAD wrote: > I would just like to know if anyone on earth has been able to get the > pam_radius module working on FreeBSD, using a windows domain username > through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd > config looks like so: I don't have a direct answer to your question, but we use tac_plus with the RADIUS extension to authenticate from our IPS environment to a Windows 2003 domain, and there are two things I vaguely remember from that setup (maybe they apply to your setup as well): - when authenticating we have to use the complete login name, including domain info: username@domain.tlc - we had to switch 'Store passwords in reversable form' (or something like that - in Windows that is) to be able to authenticate. The first password is stored that way after a password change. - we discovered that some password do not work: passwords with a "+" sign in it, but I don't know if that due to TACACS or RADIUS. Hope it helps. Peter -- http://www.boosten.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48F7FFB8.20209>