On Nov 26, 2007 10:55 AM, Dan Gahlinger [EMAIL PROTECTED] wrote:
there is a lot of documentation missing.
for example, when users are using SSH what's the Login-Service supposed
to be?
setting it to SSH doesn't work.
so many unanswered questions about this.
with SSH we don't want to
Login-User
radiusd also complains unknown module files
this could really use a newbie setup guide with examples
Date: Sat, 24 Nov 2007 07:35:54 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: local ssh authentication via radius possible?
Dan
From RFC:
Values for RADIUS Attribute 15, Login-Service:
ValueDescription Reference
---- -
0Telnet
1Rlogin
2TCP Clear
3PortMaster (proprietary)
4
So what are we supposed to use for SSH then?
TCP Clear? or TCP Clear Quiet?
Dan.
To: freeradius-users@lists.freeradius.org
Subject: RE: local ssh authentication via radius possible?
Date: Mon, 26 Nov 2007 17:02:16 +0100
From: [EMAIL PROTECTED]
From RFC:
Values for RADIUS Attribute 15
radiusd also complains unknown module files
And that would be the result of you hacking the default radiusd.conf.
Leave it alone, and it will work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nope. I didn't touch the default radiusd.conf (out of the package)
I think I need to resolve this Login-Service first. it can't parse the users
file because of it.
so which Login-Service do I use?
To: freeradius-users@lists.freeradius.org
Subject: RE: local ssh authentication via radius
@lists.freeradius.org
Subject: RE: local ssh authentication via radius possible?
Date: Mon, 26 Nov 2007 17:08:59 +0100
From: [EMAIL PROTECTED]
radiusd also complains unknown module files
And that would be the result of you hacking the default radiusd.conf.
Leave it alone, and it will work
Dan Gahlinger wrote:
it doesn't like my config, even with TCP Clear-
testing Cleartext-Password := callme
Service-Type = Login-User,
Login-Service = TCP Clear,
Login-IP-Host = testing.mydomain.com
You have to use the names from the dictionaries. TCP clear is two
authentication via radius possible?
Dan Gahlinger wrote:
it doesn't like my config, even with TCP Clear-
testing Cleartext-Password := callme
Service-Type = Login-User,
Login-Service = TCP Clear,
Login-IP-Host = testing.mydomain.com
You have to use the names from
Dan Gahlinger wrote:
The SSH documentation doesnt say anything about using radius or
configuring the Radius users file.
why would it? that makes no sense.
Because you haven't said which RADIUS client you're using. Maybe SSH
has a RADIUS plugin...
The pam_radius_auth documentation, while
really help.
I mean, if it's even possible to do what we're trying to do.
Date: Mon, 26 Nov 2007 20:33:13 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: local ssh authentication via radius possible?
Dan Gahlinger wrote:
The SSH documentation doesnt say
Dan Gahlinger wrote:
I don't understand most of what you said here. Hence my problem.
The problem is that you're trying to configure 4-5 separate things at
the same time, without understanding how most of them work. As a
result, you're frustrated, and not making progress.
Mon Nov 26
Login-Service is set to TCP-Clear now,
Leave just username and password. Delete all the rest for that user. You
don't need that.
and the log file produces only this:
Mon Nov 26 12:43:45 2007 : Info: rlm_exec: Wait=yes but no output defined. Did
you mean output=none?
Mon Nov 26 12:43:45 2007 :
: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: local ssh authentication via radius possible?
Dan Gahlinger wrote:
I don't understand most of what you said here. Hence my problem.
The problem is that you're trying to configure 4-5 separate things at
the same
To: freeradius-users@lists.freeradius.org
Subject: RE: local ssh authentication via radius possible?
Date: Mon, 26 Nov 2007 21:58:00 +0100
From: [EMAIL PROTECTED]
Login-Service is set to TCP-Clear now,
Leave just username and password. Delete all the rest for that user. You
don't need
Dan Gahlinger wrote:
I'm not fighting you at all.
shrug Having answered questions on this list for nearly a decade, I
see patterns.
All of your answers previously were read the documentation, it's there.
well, it's not. definitely not.
The parts I was pointing you to were documented.
get tired of answering questions of newbies.
I'd have thought this would all be well documented by now. oh well.
Date: Mon, 26 Nov 2007 22:48:11 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: local ssh authentication via radius possible?
Dan Gahlinger
= 255.255.255.255
NAS-Port = 10
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=196, length=20
users config for that test is just this:
testing Cleartext-Password := callme
To: freeradius-users@lists.freeradius.org
Subject: RE: local ssh authentication via radius possible?
Date: Mon
Dan Gahlinger wrote:
the pam_radius_auth documentation says to email YOU and refers to the
radius mailing list,
which is where I am. you are the author of that as well.
And I'm not the author of the PAM system. If you can get PAM to call
the module, ask questions here. If not, ask
How do I configure PAM to use radius?
Date: Wed, 21 Nov 2007 21:45:32 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: local ssh authentication via radius possible?
Dan Gahlinger wrote:
I understand that part
Dan Gahlinger wrote:
How do I configure PAM to use radius?
See the documentation in the pam_radius_auth module. It's on the
freeradius web page.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
don't help at all.
thanks
Date: Wed, 21 Nov 2007 19:41:46 +0100
From: [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: local ssh authentication via radius possible?
Dan Gahlinger wrote:
I've read the faq, wiki, etc and the sample configs that come
Dan Gahlinger wrote:
I've read the faq, wiki, etc and the sample configs that come with
freeradius,
but I'm a bit stuck
I want to have users use SSH to login to the server, but use radius as
the authentication method,
is this possible?
Yes. SSH calls PAM. PAM uses the pam_radius_auth
Dan Gahlinger wrote:
I understand that part.
But I'm not talking about going to another server, I'm talking locally.
so PAM can talk to the local radius server on the server the user is
connecting to?
The pam_radius_auth module can. Just tell it that the RADIUS server
is 127.0.0.1
I
24 matches
Mail list logo