freeradius using PAM to authenticate thru NT domain

[Rodolfo Siviero Stein]

Hello guys,

I am trying to configure a freeradius server to authenticate users in an NT Domain. I am using RedHat 7.3, but I am a newbie with smb related things.

I don't understand PAM very well, so I don't know if my PAM_SMB configuration is working (I did it using authconfig)....

Anybody can send me a working radiusd PAM file (my files are above)?

Is this way ( freradius -> PAM -> pam_smb -> NT Domain) the best way to authenticate these users ? I see in the experimental.conf about a SMB authication type , but I don't know how to use it.

Please, any comments, links, howto, anything are welcome. :)

Rodolfo

My radiusd PAM file is:

#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so

and the system-auth PAM file is:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_smb_auth.so use_first_pass nolocal
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so




- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html