Ok, I now have it working, by inserting

    auth sufficient /lib/security/pam_radius_auth.so

as the first line of /etc/pam.d/sshd. However, it still respects my
/etc/passwd password as well. When I tried to change the sufficient to
required like the rest of the entries, no login worked for me.
Can someone shed a little more light on the best way to make RADIUS my only
login *IF* the radius server is available, then it could fall back to the
local account for CONSOLE access if needed.
And thanks again for all the help!
Nick
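
As an added example (not part of the original messages): a simplified Python model of how the simple PAM control flags combine, applied to the three-line stack quoted later in this thread, with pam_radius_auth.so once as sufficient and once as required. The module outcomes are constructed inputs and the function names are hypothetical.

```python
# Added example: simplified model of Linux-PAM's simple control flags for an
# auth stack. Module outcomes are constructed inputs; nothing calls real PAM.

STACK_SUFFICIENT = """
auth required   /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_radius_auth.so
auth required   /lib/security/pam_unix_auth.so
"""
# Same stack with pam_radius_auth.so switched from sufficient to required.
STACK_REQUIRED = STACK_SUFFICIENT.replace("sufficient", "required  ")

def parse_stack(text):
    """Return [(control, module_name)] for the auth lines of a pam.d file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return stack

def evaluate(stack, outcomes):
    """Return (granted, modules_called); outcomes maps module name -> bool.

    One failure value per module: a rejected password and an unreachable
    server are not told apart in this model.
    """
    required_failed = False
    any_success = False
    called = []
    for control, module in stack:
        ok = outcomes[module]
        called.append(module)
        if control in ("required", "requisite"):
            if not ok:
                required_failed = True
                if control == "requisite":
                    break          # requisite failure stops the stack at once
            else:
                any_success = True
        elif control == "sufficient":
            if ok and not required_failed:
                return True, called   # success ends the stack early
            # a failed sufficient module is ignored; the stack continues
        elif control != "optional":   # optional results are ignored here
            raise ValueError("unsupported control: " + control)
    return (any_success and not required_failed), called
```

With the sufficient stack, a RADIUS success returns before pam_unix_auth.so is consulted, and a RADIUS failure falls through to the local password; with both modules required, access is granted only when both succeed.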

Joe Lewis <[EMAIL PROTECTED]>
Sent by: freeradius-users-admin@lists.cistron.nl
09/04/2002 03:17 PM
Please respond to freeradius-users
To: [EMAIL PROTECTED]
cc:
Subject: Re: RedHat 7.3 as Radius Client

Sounds decent! It should work fine, then!
Joe
[EMAIL PROTECTED] wrote:
> Thanks Joe!
>
> Yes, I was aware that the passwd file was STILL required, and that only
> users that existed in BOTH radius and the passwd file would be getting in.
> That was acceptable to us. We just plan on giving the default a /bin/null
> shell so they get dumped anyway. We only want 6 users allowed, we just have
> this nasty mandate to rotate our admin passwords every 30 days, and we have
> 70 systems of different flavors and would just love to consolidate that a
> bit ;)
>
> Thanks again!
>
> Nick
>
> Joe Lewis <[EMAIL PROTECTED]>
> Sent by: freeradius-users-admin@lists.cistron.nl
> 09/04/2002 03:05 PM
> Please respond to freeradius-users
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: RedHat 7.3 as Radius Client
>
> /etc/pam.d/ssh
> /etc/pam.d/login
> /etc/pam.d/telnetd
>
> NOTE : pam_radius does NOT alleviate the need for the /etc/passwd file.
> pam_radius does not implement the pam_sm_setcred function to set the
> user id, group id, and other things. But, you can set a default_user in
> the configuration (but everyone not in the /etc/passwd will be
> default_user, so use with caution.)
>
> For you others, if there is an implementation out there that doesn't use
> the /etc/passwd, let me know.
>
> Joe
>
> [EMAIL PROTECTED] wrote:
>
>>I hope this is not too basic, I have searched the archives for examples of
>>a RedHat 7.3 install with no luck.
>>
>>Can someone help me with the use of the Radius Authentication PAM module
>>for RedHat 7.3, I want to have the server use an existing Cisco Secure
>>Radius service to authenticate SSH /console logins.
>>
>>What I have found is that RedHat 7.3 (or all 7.x) breaks out the PAM auth
>>files into separate files rather than one pam.conf file. I am not sure
>>which ones in the /etc/pam.d folder I need to include the
>>
>>Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so
>>
>>In the per-application configuration (/etc/pam.d/application) add:
>>
>>auth required /lib/security/pam_securetty.so
>>auth sufficient /lib/security/pam_radius_auth.so
>>auth required /lib/security/pam_unix_auth.so
>>
>>
>>And when it comes to configuring the radius client to use my RADIUS server
>>in the pam_radius_auth file in /etc/raddb/server (RedHat 7.3 doesn't have
>>that path.)
>>
>>Basically I think I understand a bit of what is needed, I am just not sure
>>how to apply it for this variant of Linux.
>>
>>Thanks for any config help,
>>
>>Nick
>>
>>
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html