On Nov 26, 2007 10:55 AM, Dan Gahlinger <[EMAIL PROTECTED]> wrote:
>
> there is a lot of documentation missing.
> for example, when users are using "SSH" what's the "Login-Service" supposed
> to be?
> setting it to "SSH" doesn't work.
>
> so many unanswered questions about this.
> with SSH we don'
Dan Gahlinger wrote:
> the pam_radius_auth documentation says to email YOU and refers to the
> radius mailing list,
> which is where I am. you are the author of that as well.
And I'm not the author of the PAM system. If you can get PAM to call
the module, ask questions here. If not, ask questi
esting Cleartext-Password := "callme"
>
>> To: freeradius-users@lists.freeradius.org
>> Subject: RE: local ssh authentication via radius possible?
>> Date: Mon, 26 Nov 2007 21:58:00 +0100
>> From: [EMAIL PROTECTED]
>>
>> >Login-Service is set to "TCP-Cl
ecades you get tired of answering questions of newbies.
I'd have thought this would all be well documented by now. oh well.
> Date: Mon, 26 Nov 2007 22:48:11 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: local ssh authentication vi
Dan Gahlinger wrote:
> I'm not fighting you at all.
Having answered questions on this list for nearly a decade, I
see patterns.
> All of your answers previously were "read the documentation, it's there".
> well, it's not. definitely not.
The parts I was pointing you to were documented. O
s:
testing Cleartext-Password := "callme"
> To: freeradius-users@lists.freeradius.org
> Subject: RE: local ssh authentication via radius possible?
> Date: Mon, 26 Nov 2007 21:58:00 +0100
> From: [EMAIL PROTECTED]
>
> >Login-Service is set to "TCP-Clear" no
even with "debug" option specified.
Dan.
> Date: Mon, 26 Nov 2007 21:51:34 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
>
> Dan Gahlinger wrote:
> > I don't understan
>Login-Service is set to "TCP-Clear" now,
Leave just username and password. Delete all the rest for that user. You
don't need that.
>and the log file produces only this:
>Mon Nov 26 12:43:45 2007 : Info: rlm_exec: Wait=yes but no output defined. Did
>you mean output=none?
>Mon Nov 26 12:43:45 2
Dan Gahlinger wrote:
> I don't understand most of what you said here. Hence my problem.
The problem is that you're trying to configure 4-5 separate things at
the same time, without understanding how most of them work. As a
result, you're frustrated, and not making progress.
> Mon Nov 26 12:43:
e I
have no idea how it should look.
I'd appreciate a little bit of help here, some hints, some sample configs,
would really really help.
I mean, if it's even possible to do what we're trying to do.
> Date: Mon, 26 Nov 2007 20:33:13 +0100
> From: [EMAIL PROTECTED]
&
Dan Gahlinger wrote:
> The SSH documentation doesnt say anything about using radius or
> configuring the Radius users file.
> why would it? that makes no sense.
Because you haven't said which RADIUS client you're using. Maybe SSH
has a RADIUS plugin...
> The pam_radius_auth documentation, whil
From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
>
> Dan Gahlinger wrote:
> > it doesn't like my config, even with "TCP Clear"-
> >
> > testing Cleartext-Password := "cal
Dan Gahlinger wrote:
> it doesn't like my config, even with "TCP Clear"-
>
> testing Cleartext-Password := "callme"
> Service-Type = Login-User,
> Login-Service = TCP Clear,
> Login-IP-Host = testing.mydomain.com
You have to use the names from the dictionaries. "TCP cle
r SSH?
> To: freeradius-users@lists.freeradius.org
> Subject: RE: local ssh authentication via radius possible?
> Date: Mon, 26 Nov 2007 17:08:59 +0100
> From: [EMAIL PROTECTED]
>
> >
> >radiusd also complains unknown module "files"
> >
>
> And tha
nope. I didn't touch the default radiusd.conf (out of the package)
I think I need to resolve this Login-Service first. it can't parse the users
file because of it.
so which Login-Service do I use?
> To: freeradius-users@lists.freeradius.org
> Subject: RE: local ssh authentic
>
>radiusd also complains unknown module "files"
>
And that would be the result of you hacking the default radiusd.conf.
Leave it alone, and it will work.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So what are we supposed to use for SSH then?
TCP Clear? or TCP Clear Quiet?
Dan.
> To: freeradius-users@lists.freeradius.org
> Subject: RE: local ssh authentication via radius possible?
> Date: Mon, 26 Nov 2007 17:02:16 +0100
> From: [EMAIL PROTECTED]
>
> >From RFC:
&
>From RFC:
Values for RADIUS Attribute 15, Login-Service:
ValueDescription Reference
---- -
0Telnet
1Rlogin
2TCP Clear
3PortMaster (proprietary)
4
P address so I just used
"Login-IP-Host"
and Service-Type "Login-User"
radiusd also complains unknown module "files"
this could really use a "newbie" setup guide with examples
> Date: Sat, 24 Nov 2007 07:35:54 +0100
> From: [EMAIL PROTECTED]
>
Dan Gahlinger wrote:
> How do I configure PAM to use radius?
See the documentation in the pam_radius_auth module. It's on the
freeradius web page.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How do I configure PAM to use radius?
> Date: Wed, 21 Nov 2007 21:45:32 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
>
> Dan Gahlinger wrote:
&g
Dan Gahlinger wrote:
> I understand that part.
> But I'm not talking about going to another server, I'm talking locally.
> so PAM can talk to the local radius server on the server the user is
> connecting to?
The pam_radius_auth module can. Just tell it that the RADIUS server
is 127.0.0.1
> I
telnet examples don't help at all.
thanks
> Date: Wed, 21 Nov 2007 19:41:46 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
>
> Dan Gahlinger wrote:
> > I've read the faq
Dan Gahlinger wrote:
> I've read the faq, wiki, etc and the sample configs that come with
> freeradius,
> but I'm a bit stuck
>
> I want to have users use SSH to login to the server, but use radius as
> the authentication method,
> is this possible?
Yes. SSH calls PAM. PAM uses the pam_radius
I've read the faq, wiki, etc and the sample configs that come with freeradius,
but I'm a bit stuck
I want to have users use SSH to login to the server, but use radius as the
authentication method,
is this possible?
and if so, what would a sample config look like for this?
sorry, I'm a bit lost
25 matches
Mail list logo
