Re: local ssh authentication via radius possible?

2007-12-03 Thread Nick Owen
On Nov 26, 2007 10:55 AM, Dan Gahlinger <[EMAIL PROTECTED]> wrote: > > there is a lot of documentation missing. > for example, when users are using "SSH" what's the "Login-Service" supposed > to be? > setting it to "SSH" doesn't work. > > so many unanswered questions about this. > with SSH we don'

Re: local ssh authentication via radius possible?

2007-11-26 Thread Alan DeKok
Dan Gahlinger wrote: > the pam_radius_auth documentation says to email YOU and refers to the > radius mailing list, > which is where I am. you are the author of that as well. And I'm not the author of the PAM system. If you can get PAM to call the module, ask questions here. If not, ask questi

RE: local ssh authentication via radius possible?

2007-11-26 Thread tnt
esting Cleartext-Password := "callme" > >> To: freeradius-users@lists.freeradius.org >> Subject: RE: local ssh authentication via radius possible? >> Date: Mon, 26 Nov 2007 21:58:00 +0100 >> From: [EMAIL PROTECTED] >> >> >Login-Service is set to "TCP-Cl

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
ecades you get tired of answering questions of newbies. I'd have thought this would all be well documented by now. oh well. > Date: Mon, 26 Nov 2007 22:48:11 +0100 > From: [EMAIL PROTECTED] > To: freeradius-users@lists.freeradius.org > Subject: Re: local ssh authentication vi

Re: local ssh authentication via radius possible?

2007-11-26 Thread Alan DeKok
Dan Gahlinger wrote: > I'm not fighting you at all. Having answered questions on this list for nearly a decade, I see patterns. > All of your answers previously were "read the documentation, it's there". > well, it's not. definitely not. The parts I was pointing you to were documented. O

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
s: testing Cleartext-Password := "callme" > To: freeradius-users@lists.freeradius.org > Subject: RE: local ssh authentication via radius possible? > Date: Mon, 26 Nov 2007 21:58:00 +0100 > From: [EMAIL PROTECTED] > > >Login-Service is set to "TCP-Clear" no

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
even with "debug" option specified. Dan. > Date: Mon, 26 Nov 2007 21:51:34 +0100 > From: [EMAIL PROTECTED] > To: freeradius-users@lists.freeradius.org > Subject: Re: local ssh authentication via radius possible? > > Dan Gahlinger wrote: > > I don't understan

RE: local ssh authentication via radius possible?

2007-11-26 Thread tnt
>Login-Service is set to "TCP-Clear" now, Leave just username and password. Delete all the rest for that user. You don't need that. >and the log file produces only this: >Mon Nov 26 12:43:45 2007 : Info: rlm_exec: Wait=yes but no output defined. Did >you mean output=none? >Mon Nov 26 12:43:45 2

Re: local ssh authentication via radius possible?

2007-11-26 Thread Alan DeKok
Dan Gahlinger wrote: > I don't understand most of what you said here. Hence my problem. The problem is that you're trying to configure 4-5 separate things at the same time, without understanding how most of them work. As a result, you're frustrated, and not making progress. > Mon Nov 26 12:43:

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
e I have no idea how it should look. I'd appreciate a little bit of help here, some hints, some sample configs, would really really help. I mean, if it's even possible to do what we're trying to do. > Date: Mon, 26 Nov 2007 20:33:13 +0100 > From: [EMAIL PROTECTED] &

Re: local ssh authentication via radius possible?

2007-11-26 Thread Alan DeKok
Dan Gahlinger wrote: > The SSH documentation doesnt say anything about using radius or > configuring the Radius users file. > why would it? that makes no sense. Because you haven't said which RADIUS client you're using. Maybe SSH has a RADIUS plugin... > The pam_radius_auth documentation, whil

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
From: [EMAIL PROTECTED] > To: freeradius-users@lists.freeradius.org > Subject: Re: local ssh authentication via radius possible? > > Dan Gahlinger wrote: > > it doesn't like my config, even with "TCP Clear"- > > > > testing Cleartext-Password := "cal

Re: local ssh authentication via radius possible?

2007-11-26 Thread Alan DeKok
Dan Gahlinger wrote: > it doesn't like my config, even with "TCP Clear"- > > testing Cleartext-Password := "callme" > Service-Type = Login-User, > Login-Service = TCP Clear, > Login-IP-Host = testing.mydomain.com You have to use the names from the dictionaries. "TCP cle

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
r SSH? > To: freeradius-users@lists.freeradius.org > Subject: RE: local ssh authentication via radius possible? > Date: Mon, 26 Nov 2007 17:08:59 +0100 > From: [EMAIL PROTECTED] > > > > >radiusd also complains unknown module "files" > > > > And tha

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
nope. I didn't touch the default radiusd.conf (out of the package) I think I need to resolve this Login-Service first. it can't parse the users file because of it. so which Login-Service do I use? > To: freeradius-users@lists.freeradius.org > Subject: RE: local ssh authentic

RE: local ssh authentication via radius possible?

2007-11-26 Thread tnt
> >radiusd also complains unknown module "files" > And that would be the result of you hacking the default radiusd.conf. Leave it alone, and it will work. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
So what are we supposed to use for SSH then? TCP Clear? or TCP Clear Quiet? Dan. > To: freeradius-users@lists.freeradius.org > Subject: RE: local ssh authentication via radius possible? > Date: Mon, 26 Nov 2007 17:02:16 +0100 > From: [EMAIL PROTECTED] > > >From RFC: &

RE: local ssh authentication via radius possible?

2007-11-26 Thread tnt
>From RFC: Values for RADIUS Attribute 15, Login-Service: ValueDescription Reference ---- - 0Telnet 1Rlogin 2TCP Clear 3PortMaster (proprietary) 4

RE: local ssh authentication via radius possible?

2007-11-26 Thread Dan Gahlinger
P address so I just used "Login-IP-Host" and Service-Type "Login-User" radiusd also complains unknown module "files" this could really use a "newbie" setup guide with examples > Date: Sat, 24 Nov 2007 07:35:54 +0100 > From: [EMAIL PROTECTED] >

Re: local ssh authentication via radius possible?

2007-11-23 Thread Alan DeKok
Dan Gahlinger wrote: > How do I configure PAM to use radius? See the documentation in the pam_radius_auth module. It's on the freeradius web page. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: local ssh authentication via radius possible?

2007-11-23 Thread Dan Gahlinger
How do I configure PAM to use radius? > Date: Wed, 21 Nov 2007 21:45:32 +0100 > From: [EMAIL PROTECTED] > To: freeradius-users@lists.freeradius.org > Subject: Re: local ssh authentication via radius possible? > > Dan Gahlinger wrote: &g

Re: local ssh authentication via radius possible?

2007-11-21 Thread Alan DeKok
Dan Gahlinger wrote: > I understand that part. > But I'm not talking about going to another server, I'm talking locally. > so PAM can talk to the local radius server on the server the user is > connecting to? The pam_radius_auth module can. Just tell it that the RADIUS server is 127.0.0.1 > I

RE: local ssh authentication via radius possible?

2007-11-21 Thread Dan Gahlinger
telnet examples don't help at all. thanks > Date: Wed, 21 Nov 2007 19:41:46 +0100 > From: [EMAIL PROTECTED] > To: freeradius-users@lists.freeradius.org > Subject: Re: local ssh authentication via radius possible? > > Dan Gahlinger wrote: > > I've read the faq

Re: local ssh authentication via radius possible?

2007-11-21 Thread Alan DeKok
Dan Gahlinger wrote: > I've read the faq, wiki, etc and the sample configs that come with > freeradius, > but I'm a bit stuck > > I want to have users use SSH to login to the server, but use radius as > the authentication method, > is this possible? Yes. SSH calls PAM. PAM uses the pam_radius