On Mon, May 20, 2013 at 12:58 PM, Roberto Carna <[email protected]> wrote: > Dear, I have: > > (A) One Freeradius server on Debian 6: freeradius installation and > client.conf configuration > (B) Another Debian 6 box with sshd: libpam-radius-auth installation > (C) Several Windows and Linux ssh clients > > In (A) freeradius server, can I define the ssh users in client.conf file > only ???
clients.conf is for the FR clients - not the users. computer1 running FR computer2 running sshd computer2 is the client and belongs in the clients.conf file. > In (B) debian sshd box server, do I have to install a radius client in > addition to libpam-radius-auth package ??? And do I have to define any ssh > user here ?? FR is doing whatever you want it to do in the PAM stack. We only have it perform the authentication, but you could also have it perform authorization, IIRC. You will (also) need to set up local users or a central user repository (LDAP, SQL, etc.) Check libnss-* packages for anything other than /etc/passwd: % apt-cache search libnss libnss-gw-name - nss module that names the current gateway’s IP address libnss-cache - NSS module for using nsscache-generated files libnss-db - NSS module for using Berkeley Databases as a naming service libnss-extrausers - nss module to have an additional passwd, shadow and group file libnss-ldap - NSS module for using LDAP as a naming service libnss-lwres - NSS module for using bind9's lwres as a naming service libnss-myhostname - nss module providing fallback resolution for the current hostname libnss-mysql-bg - NSS module for using MySQL as a naming service libnss-pgsql2 - NSS module for using PostgreSQL as a naming service libpam-ccreds - Pam module to cache authentication credentials libpam-ldap - Pluggable Authentication Module for LDAP libnss3 - Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools libnss-mdns - NSS module for Multicast DNS name resolution libnss-ldapd - NSS module for using LDAP as a naming service nslcd - Daemon for NSS and PAM lookups using LDAP nss-passwords - read passwords from a Mozilla keyring nss-updatedb - Cache name service directories in DB format nsscache - asynchronously synchronise local NSS databases with remote directory services libpathfinder-dev - Development files for pathfinder libpathfinder-nss-1 - Pathfinder integration Library for LibNSS libnss-rainbow2 - nss library for rainbow libnss-winbind - Samba nameservice integration plugins winbind - Samba nameservice integration server libnss-sss - Nss library for the System Security Services Daemon libnss-sshsock2 - NSS module using an ssh socket connection > > Please, I need a good howto because I'm lost. You will need to read a lot to get up to speed. -mz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
