Date: Fri, 17 Oct 2008 00:27:22 -0700 (PDT)
From: MattAD <mattvdwest@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Radius Authentication
Message-ID: <20027802.post@talk.nabble.com>
In-Reply-To: <48F7E51B.8030703@za.verizonbusiness.com>
References: <20013780.post@talk.nabble.com> <48F7E51B.8030703@za.verizonbusiness.com>

Hi Todor,

Thanks, I've read before that there has to be a user on the local server
with the same name as the Windows domain and I have used the man pages for
the configuration. I think the problem lies with the authentication against
the Radius server, or the Radius server itself. I shall venture forth and
try to combat this plague!!! :-P

Thanks for the speedy reply btw! =)


Todor Genov-2 wrote:
>
> Hi Matt,
>
>
> The three important steps here are as follows:
>
> 1.) Confirm that authentication against the RADIUS server succeeds using
> any command line RADIUS util.
>
> 2.) Configure /etc/radius.conf as per "man pam_radius" and man
> "radius.conf"
>
> 3.) Add a user on the FreeBSD machine whose name corresponds with the
> Windows domain account (if the name contains spaces then refer to the
> pre-Windows2000 compatible username in AD). This is mandatory as
> pam_radius is only used for authentication. UID, GID, home dir and all
> *nix relevant account parameters are still retrieved from the local user
> database.
>
> An alternative to step 3 would be to use the template_user option in
> radius.conf, but this means that all your Windows users will appear to
> the system with same UID/GID as the template_user.
>
>
> MattAD wrote:
>> I would just like to know if anyone on earth has been able to get the
>> pam_radius module working on FreeBSD, using a windows domain username
>> through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
>> config looks like so:
>>
>> #
>> # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
>> #
>> # PAM configuration for the "sshd" service
>> #
>>
>> # auth
>> auth            required        pam_nologin.so          no_warn
>> auth            sufficient      pam_opie.so             no_warn no_fake_prompts
>> auth            requisite       pam_opieaccess.so       no_warn allow_local
>> auth            sufficient      pam_radius.so           no_warn try_first_pass
>> #auth           sufficient      pam_krb5.so             no_warn try_first_pass
>> #auth           sufficient      pam_ssh.so              no_warn try_first_pass
>> auth            sufficient      pam_unix.so             no_warn try_first_pass
>>
>> # account
>> account         required        pam_nologin.so
>> #account        required        pam_krb5.so
>> account         required        pam_login_access.so
>> account         required        pam_unix.so
>>
>> # session
>> #session        optional        pam_ssh.so
>> session         required        pam_permit.so
>>
>> # password
>> #password       sufficient      pam_krb5.so             no_warn try_first_pass
>> password        required        pam_unix.so             no_warn try_first_pass
>>
>>
>> :confused:
>
> --
> Regards,
>
> Todor Genov
> Systems Operations
>
> Verizon Business South Africa (Pty) Ltd
>
> todor.genov@za.verizonbusiness.com
> Tel: +27 11 235 6500
> Fax: 086 692 0543
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
>

--
View this message in context: http://www.nabble.com/Radius-Authentication-tp20013780p20027802.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
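
A preflight for steps 2 and 3 of the quoted checklist, added here as an example and not part of the original thread: it parses the auth stack of an sshd PAM file and checks that the login being tested has a local account for pam_radius to fall back on. The passwd sample, the account names and the function names are constructed, and it assumes template_user is given as an option on the pam_radius.so line.

```python
# Added example. Constructed input: the active auth lines of the sshd PAM file
# quoted in the thread, plus a made-up passwd file (account names hypothetical).
SSHD_PAM = """\
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_radius.so no_warn try_first_pass
#auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient pam_unix.so no_warn try_first_pass
account required pam_unix.so
"""
PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
matt:*:1001:1001:Matt:/home/matt:/bin/sh
"""

def auth_stack(pam_text):
    """Return (control, module, options) for each active 'auth' line, in order."""
    stack = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2], fields[3:]))
    return stack

def local_users(passwd_text):
    """Login names from passwd(5)-format text."""
    return {l.split(":", 1)[0] for l in passwd_text.splitlines() if l.strip()}

def preflight(pam_text, passwd_text, login):
    """Return findings for steps 2 and 3; an empty list means none were found."""
    radius = [opts for _, mod, opts in auth_stack(pam_text) if mod == "pam_radius.so"]
    if not radius:
        return ["pam_radius.so is not in the auth stack"]
    findings = []
    if any(c.isspace() for c in login):
        findings.append("login contains spaces; use the pre-Windows 2000 name")
    users = local_users(passwd_text)
    # Assumption: template_user is passed as an option on the pam_radius.so line.
    template = next((o.split("=", 1)[1] for o in radius[0]
                     if o.startswith("template_user=")), None)
    if login not in users:
        if template is None:
            findings.append(f"no local account '{login}' and no template_user")
        elif template not in users:
            findings.append(f"template_user '{template}' has no local account")
    return findings

if __name__ == "__main__":
    for name in ("matt", "jsmith", "John Smith"):
        print(name, "->", preflight(SSHD_PAM, PASSWD, name) or "ok")
```

An empty result only says the local side is consistent; step 1, a successful test against the RADIUS server itself, still has to be confirmed separately.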