Hi all, :)
I have installed FreeRadius 0.9.3 on RedHat Linux 9 and enabled Pam - the file name is system-auth. Pam has been configured to deny users 5 failed password attempts. I tried the pam setup by login locally and it works fine. After I installed RADIUS and edited the 'radius.conf' file to use pam, the disabling of password after 5 failed attempts seems not to work - I tried testing the RADIUS with NTRadPing as recommended by Jonathen Hassell in his book RADIUS.
I will use this RADIUS setup for my roaming system engineer to telnet to Cisco switches and routers for maintenance and troubleshooting.
This are the changes I made to the radius.conf file:
pam {
#
# system-auth is the name of the pam file I edited in etc/pam.d
system-auth = radiusd
}
authenticate {
pam
unix
}
=====end of file ==============
#This is the content of my system-auth file
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth required /lib/security/pam_tally.so no_magic_root
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth required /lib/security/pam_tally.so no_magic_root
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_tally.so deny=5 no_magic_root reset
account required /lib/security/pam_tally.so deny=5 no_magic_root reset
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
Hope anyone of you would be kind enough to help me.
Thanks
emy
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today