Date: Mon, 27 Mar 2006 19:00:05 +0100 (BST)
From: Vince Hoffman
To: Aymeric MUNTZ
Cc: freebsd-net@freebsd.org
Subject: Re: PAM + radius
Message-ID: <20060327184715.H80871@unsane.co.uk>

On Mon, 27 Mar 2006, Aymeric MUNTZ wrote:

> Hello,
>
> I'm trying to set authentication against Radius on my box.
> I modified my /etc/pam.d/telnetd file for:
> ___
> |auth required pam_radius.so conf=/etc/radius.conf
> |account required pam_radius.so
> |session required pam_lastlog.so no_fail
> |password required pam_radius.so no_warn try_first_pass
> |___
>
> It seems that it does nothing.
>
> 1) How can I get it working correctly?
> 2) How do I define users and groups? I guess that it is not enough to set
> it in the radius server. Moreover, I don't want to grant access to every
> user in my radius database.

Unfortunately it's just PAM radius, not nss radius, so you will need to
define all your users and groups on the local machine. The alternative is
to use NIS (never looked into it) or LDAP (FreeBSD has nss_ldap and
pam_ldap in ports).

Otherwise, with local users created, set up /etc/radius.conf with the
correct info (mine looks like this)

    auth 12.23.34.45:1645 "FAKEradiusKEY" 4 5

and add a line like

    auth sufficient pam_radius.so no_warn try_first_pass

to the relevant pam file. I use it so I can authenticate against an RSA ACE
server.

>
> Do you know a good documentation about that?

A good read of man radius.conf and man pam_radius should be enough.
Otherwise Google is your friend.

cheers,
Vince

>
> Thanks
> Cheers
>
> Alex
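
An added example, not part of the original message: a Python check for a radius.conf in the format shown in the reply, flagging a file mode that exposes the shared secret and malformed server lines. The field order (service, host[:port], secret, timeout, max tries) is read from radius.conf(5); the sample lines beyond the quoted one, the function names and the 16-character threshold are assumptions.

```python
import shlex
import stat

MIN_SECRET_LEN = 16  # assumption: RFC 2865 prefers secrets of at least 16 octets

# Constructed sample; only the first auth line comes from the message above.
SAMPLE = '''\
# constructed sample radius.conf
auth 12.23.34.45:1645 "FAKEradiusKEY" 4 5
auth radius2.example.net "a much longer shared secret # with a hash" 3
acct 192.0.2.10:99999 "0123456789abcdef0123" x
auth 192.0.2.11
'''

def parse_line(line):
    """Return the fields of one server line, or None for a blank/comment line."""
    fields = shlex.split(line, comments=True)  # honours "quoted fields" and # comments
    if not fields:
        return None
    if fields[0] not in ("auth", "acct"):
        fields.insert(0, "auth")  # assumption: old-style lines omit the service type
    fields += [None] * (5 - len(fields))
    service, server, secret, timeout, max_tries = fields[:5]
    host, _, port = (server or "").partition(":")  # hostname or IPv4 only
    return {"service": service, "host": host, "port": port,
            "secret": secret, "timeout": timeout, "max_tries": max_tries}

def audit(text, mode):
    """List problems in radius.conf contents and file mode; never echoes a secret."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file: group/other permission bits set")
    for n, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
        except ValueError as err:  # e.g. unbalanced quote
            findings.append(f"line {n}: {err}")
            continue
        if entry is None:
            continue
        if not entry["secret"]:
            findings.append(f"line {n}: no shared secret")
        elif len(entry["secret"]) < MIN_SECRET_LEN:
            findings.append(f"line {n}: shared secret under {MIN_SECRET_LEN} characters")
        port = entry["port"]
        if port and not (port.isdecimal() and 0 < int(port) < 65536):
            findings.append(f"line {n}: bad port {port!r}")
        for key in ("timeout", "max_tries"):
            if entry[key] is not None and not entry[key].isdecimal():
                findings.append(f"line {n}: {key} is not a number")
    return findings
```

Against a real file, pass the contents of /etc/radius.conf and the st_mode from os.stat() on it; a root-owned file with mode 0600 and well-formed lines yields an empty list.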