Hi Matt,
The three important steps here are as follows: 1.) Confirm that authentication against the RADIUS server succeeds using any command line RADIUS util. 2.) configure /etc/radius.conf as per "man pam_radius" and man "radius.conf" 3.) Add a user on the FreeBSD machine whose name corresponds with the Windows domain account (if the name contains spaces then refer to the pre-Windows2000 compatible username in AD). This is mandatory as pam_radius is only used for authentication. UID, GID, home dir and all *nix relevant account parameters are still retrieved from the local user database. An alternative to step 3 would be to use the template_user option in radius.conf, but this means that all your Windows users will appear to the system with same UID/GID as the template_user. MattAD wrote: > I would just like to know if anyone on earth has been able to get the > pam_radius module working on FreeBSD, using a windows domain username > through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd > config looks like so: > > # > # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $ > # > # PAM configuration for the "sshd" service > # > > # auth > auth required pam_nologin.so no_warn > auth sufficient pam_opie.so no_warn > no_fake_prompts > auth requisite pam_opieaccess.so no_warn allow_local > auth sufficient pam_radius.so no_warn > try_first_pass > #auth sufficient pam_krb5.so no_warn > try_first_pass > #auth sufficient pam_ssh.so no_warn > try_first_pass > auth sufficient pam_unix.so no_warn > try_first_pass > > # account > account required pam_nologin.so > #account required pam_krb5.so > account required pam_login_access.so > account required pam_unix.so > > # session > #session optional pam_ssh.so > session required pam_permit.so > > # password > #password sufficient pam_krb5.so no_warn > try_first_pass > password required pam_unix.so no_warn > try_first_pass > > > :confused: -- Regards, Todor Genov Systems Operations Verizon Business South Africa (Pty) Ltd [EMAIL PROTECTED] Tel: +27 11 235 6500 Fax: 086 692 0543 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"