Hi Todor,
Thanks, Ive read before that there has to be a user on the local server with
the same name as the windows domain and i have used the man pages for the
configuration, i think the problem lies with the autentication against the
Radius server, or the Radius server itself.
I shall venture forth and try to combat this plague!!! :-P
thanks for the speedy reply btw!
=)
Todor Genov-2 wrote:
Hi Matt,
The three important steps here are as follows:
1.) Confirm that authentication against the RADIUS server succeeds using
any command line RADIUS util.
2.) configure /etc/radius.conf as per man pam_radius and man
radius.conf
3.) Add a user on the FreeBSD machine whose name corresponds with the
Windows domain account (if the name contains spaces then refer to the
pre-Windows2000 compatible username in AD). This is mandatory as
pam_radius is only used for authentication. UID, GID, home dir and all
*nix relevant account parameters are still retrieved from the local user
database.
An alternative to step 3 would be to use the template_user option in
radius.conf, but this means that all your Windows users will appear to
the system with same UID/GID as the template_user.
MattAD wrote:
I would just like to know if anyone on earth has been able to get the
pam_radius module working on FreeBSD, using a windows domain username
through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
config looks like so:
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the sshd service
#
# auth
authrequiredpam_nologin.so no_warn
authsufficient pam_opie.so no_warn
no_fake_prompts
authrequisite pam_opieaccess.so no_warn
allow_local
authsufficient pam_radius.so no_warn
try_first_pass
#auth sufficient pam_krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
authsufficient pam_unix.so no_warn
try_first_pass
# account
account requiredpam_nologin.so
#accountrequiredpam_krb5.so
account requiredpam_login_access.so
account requiredpam_unix.so
# session
#sessionoptionalpam_ssh.so
session requiredpam_permit.so
# password
#password sufficient pam_krb5.so no_warn
try_first_pass
passwordrequiredpam_unix.so no_warn
try_first_pass
:confused:
--
Regards,
Todor Genov
Systems Operations
Verizon Business South Africa (Pty) Ltd
[EMAIL PROTECTED]
Tel: +27 11 235 6500
Fax: 086 692 0543
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]
--
View this message in context:
http://www.nabble.com/Radius-Authentication-tp20013780p20027802.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]