RE: Active Directory and FreeRadius
Well I can use pam_krb5, but what I am trying to accomplish here is that I have quite a few Linux workstation on my network and I thought if I can setup those Linux workstation to point to the radius server where they login using there Active Directory credentials. So I am not sure if this can be done or not? But would like hear if anybody who has done something similar to what I am doing. Thanks, -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 13, 2005 2:58 PM To: FreeRadius users mailing list Subject: Re: Active Directory and FreeRadius "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > I was able to auth against AD by setting up KRB5 on RHEL. Now I would like > to setup freeradius where I will have bunch of UNIX workstation that will > point to the freeradius server using pam_radius_auth module and will auth > against radius server using their AD credentials. Why not just use pam_krb5? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Active Directory and FreeRadius
HI, I was able to auth against AD by setting up KRB5 on RHEL. Now I would like to setup freeradius where I will have bunch of UNIX workstation that will point to the freeradius server using pam_radius_auth module and will auth against radius server using their AD credentials. So would anyone have an example of radiusd.conf file that I can see and get an idea how I might be able to setup freeradius server to point to the AD for auth purposes. Thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How can i authenticate my users against Active Directory?
Well I am not running radiusd on my Linux box. Do I need to run radiusd on my Linux Box even though my radius server is running on a MS windows 2000 server? I thought only thing I had to do is setup pam_radius_auth to talk to my radius server. ___ Puneet Talwar -Original Message- From: Dusty Doris [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 29, 2005 4:15 PM To: FreeRadius users mailing list Subject: RE: How can i authenticate my users against Active Directory? > See I am trying to authenticate against the AD, but in my case the RADIUS > server is running on a Windows Server and my client is a Linux box. But > the problem I am having is that when I try to authenticate against the AD > from my Linux box I get error message in /var/log/messages > > login[4578]: pam_radius_auth: RADIUS server IP_address> failed to respond > login[4578]: pam_radius_auth: All RADIUS servers failed to respond. > > When I go check the log on the Radius server I can see the login attempts > that are made from the Linux box. > > So I am not sure where else I can see what I am doing wrong here. > What does the radius server show in debug mode? radiusd -X - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How can i authenticate my users against Active Directory?
See I am trying to authenticate against the AD, but in my case the RADIUS server is running on a Windows Server and my client is a Linux box. But the problem I am having is that when I try to authenticate against the AD from my Linux box I get error message in /var/log/messages login[4578]: pam_radius_auth: RADIUS server failed to respond login[4578]: pam_radius_auth: All RADIUS servers failed to respond. When I go check the log on the Radius server I can see the login attempts that are made from the Linux box. So I am not sure where else I can see what I am doing wrong here. __ Puneet Talwar -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 29, 2005 2:05 PM To: FreeRadius users mailing list Subject: Re: How can i authenticate my users against Active Directory? Dusty Doris <[EMAIL PROTECTED]> wrote: > You can always do an ldap search to AD for authorization and if the > password is coming over in clear text, you could just do a bind against AD > for authentication. Correct? Yes. But this won't work for PEAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PAM_RADIUS_AUTH
See I am not sure if there is an option to increase the debugging level w/out edit the source code. If I have not choice to I will edit the source code to increase debugging level. __ Puneet Talwar -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 29, 2005 2:04 PM To: FreeRadius users mailing list Subject: Re: PAM_RADIUS_AUTH "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > Can you please tell me which source code to modify? The source code to pam_radius_auth? You did say you wanted more debugging information from it. Why would you edit the source code to anything else? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PAM_RADIUS_AUTH
Can you please tell me which source code to modify? Thanks --Original Message-- From: Alan DeKok To: FreeRadius users mailing list ReplyTo: FreeRadius users mailing list Sent: Jun 29, 2005 1:06 PM Subject: Re: PAM_RADIUS_AUTH "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > I would like to know is there any way to increase the debug level on > PAM_RADIUS_AUTH module. Source code modifications. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Sent from my BlackBerry Wireless Handheld - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PAM_RADIUS_AUTH
I would like to know is there any way to increase the debug level on PAM_RADIUS_AUTH module. I am having a hard time connect to the radius server which is running on Window 2000 server. Plus I am not sure if I got the pam login file correct in /etc/pam.d/login The OS I am running is RH ES WS v4.0 #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_radius_auth.so debug auth required /lib/security/pam_unix_auth.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_stack.so service=system-auth session optional pam_console.so # pam_selinux.so open should be the last session rule session required pam_selinux.so multiple open __ Puneet Talwar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
Well ok, would it be possible to see some examples of some pam file setting for RH environment? I think I am not setting the right pam modules. Thanks, __ Puneet Talwar Contractor/CIPS UNIX Administrator 301-451-9971 ( c ) 301-252-5366 Disclaimer: The information in this e-mail and any of its attachments is confidential and may contain sensitive information. It should not be used by anyone who is not the original intended recipient. If you have received this e-mail in error please inform the sender and delete it from your mailbox or any other storage devices. The National Institute of Allergy and Infectious Diseases (NIAID) shall not accept liability for any statement made that are the sender's own and not expressly made on behalf of the NIAID by one of its representatives. -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 2:57 PM To: FreeRadius users mailing list Subject: Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > Here is the full content of the file. ... > IP Address Secret_Key3 That line is NONSENSE. If it's actually in your configuration file, it WON'T WORK. You have to list the IP address, not the text "IP Address". See the line just above this one, which gives an example ot what to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
Sorry about that, Here is the full content of the file. # cat pam_radius_auth.conf # pam_radius_auth configuration file. Copy to: /etc/raddb/server # # For proper security, this file SHOULD have permissions 0600, # that is readable by root, and NO ONE else. If anyone other than # root can read this file, then they can spoof responses from the server! # # There are 3 fields per line in this file. There may be multiple # lines. Blank lines or lines beginning with '#' are treated as # comments, and are ignored. The fields are: # # server[:port] secret [timeout] # # the port name or number is optional. The default port name is # "radius", and is looked up from /etc/services The timeout field is # optional. The default timeout is 3 seconds. # # If multiple RADIUS server lines exist, they are tried in order. The # first server to return success or failure causes the module to return # success or failure. Only if a server fails to response is it skipped, # and the next server in turn is used. # # The timeout field controls how many seconds the module waits before # deciding that the server has failed to respond. # server[:port] shared_secret timeout (s) #127.0.0.1 secret 1 IP Address Secret_Key3 # # having localhost in your radius configuration is a Good Thing. # # See the INSTALL file for pam.conf hints. -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 12:48 PM To: FreeRadius users mailing list Subject: Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > Here is the content of the pam_radius_auth.conf file and yes it does exist > in /etc/raddb/server folder. > > # server[:port] shared_secret timeout (s) > #127.0.0.1 secret 1 > IP Address Secret_Key3 Either you've edited it so much as to be useless, or you're using that file as-is. Either way, I have no idea what the ACTUAL contents of the file is, and therefore I have no way to help you. If you don't know how to fix the problem on your own, any editing of the configuration files you do before posting them here is guaranteed to make those files useless. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
Here is the content of the pam_radius_auth.conf file and yes it does exist in /etc/raddb/server folder. # server[:port] shared_secret timeout (s) #127.0.0.1 secret 1 IP Address Secret_Key3 -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 11:16 AM To: FreeRadius users mailing list Subject: Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > I was able to get the vsftpd working, I can > authenticate but when I go check to the /var/log/messages I see the > following message. > > vsftpd[X]: pam_radius_auth: No RADIUS server found in configuration file > /etc/raddb/server So... what's the content of that file? Does it even exist? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
HI, I am trying to setup pam_radius_auth on my RHEL WS v4. I followed the direction from the pam_radius_app pkg which I downloaded from freeradius.org. I copy the appropriate files in the right location. I configured the pam_radius_auth.conf in /etc/raddb/server folder to talk to radius server which is running on a MS Windows environment. The next problem is that I am not able to configure the PAM modules appropriately to work with pam_radius_auth.so. I was able to get the vsftpd working, I can authenticate but when I go check to the /var/log/messages I see the following message. vsftpd[X]: pam_radius_auth: No RADIUS server found in configuration file /etc/raddb/server If someone has had a similar problem and know a fix around this, please help me. Thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Connecting to Windows server running Radius from a RH Linux
I have successfully installed FreeRadius on my RH Linux box and I am trying to figure out how I can connect to the radius server which is running on a W2k server. I have add my RH Linux box as a client on the server I have the key as well. My question is how do I configure my Linux box to talk to the Radius server? I see a lot of docs on client and server setup, but I am not able to find a doc if I have a Radius server running on W2k, what steps I need to go have my RH Linux box talk to the Radius Server user authentication. FYI, Radius server is tied into Active Directory (AD) for authentication and other services. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html