RE: PAM + Freeradius

Wed, 24 Oct 2001 11:06:55 -0700 

Paulo,

A quicky setup:

Compile and install freeradius with pam support (./configure --help will tell you how)

Within your radiusd.conf file make sure that the pam section is enabled:

        pam {
                #
                #  The name to use for PAM authentication.
                #  PAM looks in /etc/pam.d/${pam_auth_name}
                #  for it's configuration.
                #
                #  Note that any Pam-Auth attribute set in the 'users'
                #  file over-rides this one.
                #
                pam_auth = radiusd
        }


&&


authenticate {
# Uncomment this if you want to use PAM (Auth-Type = PAM)
        pam


In your /etc/pam.d/ directory create a file called radiusd with the following contents 
(or whatever you want for your pam
configuration, this seems to work for me):

#%PAM-1.0
auth       required     /lib/security/pam_unix_auth.so shadow md5 nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_unix_passwd.so shadow md5 nullok use_authtok
session    required     /lib/security/pam_unix_session.so


If you don't want to run your freeradius server in debug mode as root (ie, run as an 
unpriviledged user) you will need to run
freeradius with a group membership that is able to read the /etc/shadow file - 
otherwise pam will be unable to read the /etc/shadow
file and will fail. I suggest a group called 'shadow' or the like.

chgrp /etc/shadow shadow
chmod g+w /etc/shadow

And in the radiusd.conf file:

#  On systems with shadow passwords, you might have to set 'group = shadow'
#  for the server to be able to read the shadow password file.
#
# Change below to suit your setup.
user = radius
group = shadow


Please understand that giving anything except root read permissions to the /etc/shadow 
file is something that you want to think a
bit upon!!


Hope this helps,

Bruce Ritchie

> -----Original Message-----
> From: Paulo Sousa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 24, 2001 2:17 PM
> To: [EMAIL PROTECTED]
> Subject: PAM + Freeradius
>
>
>
>
> Hi
>
> I need help about pam autentication with freeradius. I try to do it on Red
> Hat
> 7.1 but pam_radius module was removed. Someone can help me or tell me where
> i
> can find some tutorial????
>
> Thank's
>
> --
> Paulo Sousa
> [EMAIL PROTECTED]
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to