I got it to work from the command line. Now I can run radtest from the test workstation and it successfully connects to the server and authenticates the username and password. I’m still having trouble with the pam_radius_auth module though. More to the point, I’m having trouble with PAM. Here are the contents of the important files (what I think are relevant files):

/etc/pam.d/sshd (on workstation):
#%PAM-1.0
auth sufficient /lib/security/pam_radius_auth.so debug
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password sufficient /lib/security/pam_radius_auth.so debug
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so

/etc/pam.d/system-auth (on workstation):
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

/etc/raddb/server (on workstation) file only has:
servername:1645 testsecret 3

If anyone has any ideas on what could be wrong, let me know.
Shannon

Alan,

I finally figured out what my problem was with the FreeRADIUS server
communicating to the SQL database, and I got that up and working (from
the localhost). Thank you everybody for all your help. :-)

Now I'm trying to figure out how to get my workstations to communicate
with the server. I'm running Red Hat 8, which has a slightly different
PAM setup than previous versions. From my rather limited understanding
of PAM, it looks like almost every application refers back to
/etc/pam.d/system-auth to authenticate. I tried adding the line "auth
sufficient /lib/security/pam_radius_auth.so" into sshd, but it doesn't
work. It gives me a protocol error. The FreeRADIUS server never even
gets the request, so it must be something to do with PAM or the client
setup. I tried running radtest from the client command line, but that
also never gets to the server (or doesn't show up when it's in debug
mode). After I get that working, I would like it to map a couple
directories via NFS (or something more secure, if possible). Any ideas?

Shannon
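
The auth lines of the /etc/pam.d/sshd and /etc/pam.d/system-auth files posted above, walked through a simplified model of the PAM control flags (required, requisite, sufficient, optional). This is an added example, not part of the original messages and not Linux-PAM code; the function names run_stack and login are hypothetical and the module results are constructed inputs.

```python
# Added example: simplified model of PAM control flags, not Linux-PAM code.
STACKS = {
    "sshd": [  # auth lines from the posted /etc/pam.d/sshd
        ("sufficient", "pam_radius_auth"),
        ("required", "pam_stack:system-auth"),
        ("required", "pam_nologin"),
    ],
    "system-auth": [  # auth lines from the posted /etc/pam.d/system-auth
        ("required", "pam_env"),
        ("sufficient", "pam_unix"),
        ("required", "pam_deny"),
    ],
}

def run_stack(service, outcomes, consulted):
    """Evaluate one auth stack; return True if authentication succeeds.

    outcomes: constructed module results (name -> bool); unlisted modules
    succeed, pam_deny always fails. consulted collects modules actually run.
    """
    failed_required = False
    passed = False
    for control, module in STACKS[service]:
        if module.startswith("pam_stack:"):      # pam_stack runs another service's stack
            ok = run_stack(module.split(":", 1)[1], outcomes, consulted)
        else:
            consulted.append(module)
            ok = False if module == "pam_deny" else outcomes.get(module, True)
        if not ok and control == "requisite":
            return False                         # fail immediately
        if not ok and control == "required":
            failed_required = True               # fail, but keep running the stack
        if ok and control == "sufficient" and not failed_required:
            return True                          # success ends the stack here
        passed = passed or (ok and control != "optional")
    return passed and not failed_required

def login(radius_ok, unix_ok, nologin_ok=True):
    """Run the sshd auth stack with constructed module results."""
    consulted = []
    result = run_stack("sshd", {"pam_radius_auth": radius_ok,
                                "pam_unix": unix_ok,
                                "pam_nologin": nologin_ok}, consulted)
    return result, consulted

if __name__ == "__main__":
    for case in [(True, False), (False, True), (False, False), (True, True, False)]:
        print(case, login(*case))
```

In this model a RADIUS accept ends the auth stack before pam_nologin is consulted, while a RADIUS failure falls through to the local pam_unix check in system-auth.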