Re: HOW-TO for Linux radius client

2006-09-06 Thread Alan DeKok
Nicolas Baradakis [EMAIL PROTECTED] wrote:
> My tests indicate that you need to implement only 2 functions to get login,
> xdm, ssh, etc. working on the client machines.
>
> enum nss_status _nss_radius_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen);
> enum nss_status _nss_radius_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen);

  I took a look at doing this a few years ago, and got lost in the
morass of glibc internals.

  Apparently PAM can do UID/GID/etc mappings, too, but it's not
documented.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: HOW-TO for Linux radius client

2006-09-01 Thread Seferovic Edvin
Hello,

What are you using as backend for freeradius server? If you use LDAP as
backend for freeradius, I really do NOT see the need for the use of RADIUS
protocol to do authentication for such services (login, ssh etc.). It would
be easier if you implement auth against LDAP directory for such services,
and use RADIUS where it can serve the purpose (full AAA)!

Regards,
Edvin Seferovic

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J. C. Desai
Sent: Friday, 01 September 2006 21:34
To: freeradius-users@lists.freeradius.org
Subject: HOW-TO for Linux radius client

Hi,

I am looking for a Linux client side HOW-TO for radius authentication
without requiring presence of the login id on client side locally.

The following is the authentication scenario I am trying:

1) I have freeRadius server installed on a RedHat Linux machine

2) I would like users logging into other RedHat Linux machines in our
network to have their login/passwd authenticated using freeRadius server
(for login, su, ssh, telnet, ftp etc. ways of accessing local client
machines in the network)

3) I do not want to use LDAP on server or client side

4) I am using PAM and have experimented with pam_radius_auth module
without success

5) The problem I am facing is that the login id has also to be defined
locally on client Linux machines --- otherwise, for example, the su command
fails indicating that the id does not exist (if I create the login id on
client locally, then it queries freeRadius server)

6) I do not want to add ldap to nsswitch.conf file of client --- just want
to stick to radius for now

In summary, is there a Linux client side HOW-TO for radius authentication
without requiring presence of the login id on client side locally?

Regards ... J. C. Desai


Re: HOW-TO for Linux radius client

2006-09-01 Thread Nicolas Baradakis
J. C. Desai wrote:

> I am looking for a Linux client side HOW-TO for radius authentication
> without requiring presence of the login id on client side locally.

Please no HTML to the list.

I already tried to implement a similar setup but never found all the
pieces of the puzzle.

> 5) The problem I am facing is that the login id has also to be defined
> locally on client Linux machines --- otherwise, for example, the su command
> fails indicating that the id does not exist (if I create the login id on
> client locally, then it queries freeRadius server)

Indeed, the missing piece is the libnss-radius. I think you'll have to
write your own. I've already looked at it and it's not very hard to do.

My tests indicate that you need to implement only 2 functions to get login,
xdm, ssh, etc. working on the client machines.

enum nss_status _nss_radius_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen);
enum nss_status _nss_radius_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen);

More info in the glibc manual:
http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html

-- 
Nicolas Baradakis
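
The two NSS entry points named in this thread, as an added example that is not code from any poster or from FreeRADIUS. It uses the glibc entry-point form, which takes a trailing int *errnop in addition to the parameters quoted above. The template-account policy, the UID/GID values and the name "radius_user" are assumptions; the module only synthesizes passwd entries and leaves authentication to PAM.

```c
/* Added example: passwd backend for a hypothetical libnss_radius.so.2.
 * Assumed policy: every valid name maps to one unprivileged template account. */
#include <errno.h>
#include <nss.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

#define TPL_UID  60001u         /* assumed template UID, never 0 */
#define TPL_GID  60001u         /* assumed template GID */
#define TPL_NAME "radius_user"  /* assumed name shown for reverse lookups */

/* Accept only conservative login names, so "root " or "../x" is never answered. */
static int valid_name(const char *n) {
    size_t len = strlen(n);
    return len > 0 && len <= 32 && n[0] != '-' &&
           strspn(n, "abcdefghijklmnopqrstuvwxyz0123456789_-") == len;
}

/* Pack every string into the caller's buffer, as NSS requires. */
static enum nss_status fill(const char *name, struct passwd *pw,
                            char *buf, size_t buflen, int *errnop) {
    size_t nl = strlen(name) + 1;
    if (2 * nl + 16 > buflen) {      /* name, "*", "/home/<name>", "/bin/sh" */
        *errnop = ERANGE;            /* tells the caller to retry with more space */
        return NSS_STATUS_TRYAGAIN;
    }
    pw->pw_name   = buf;  buf += sprintf(buf, "%s", name) + 1;
    pw->pw_passwd = buf;  buf += sprintf(buf, "*") + 1;  /* no local password hash */
    pw->pw_gecos  = buf - 1;                             /* empty string */
    pw->pw_dir    = buf;  buf += sprintf(buf, "/home/%s", name) + 1;
    pw->pw_shell  = buf;  sprintf(buf, "/bin/sh");
    pw->pw_uid = TPL_UID;  pw->pw_gid = TPL_GID;
    return NSS_STATUS_SUCCESS;
}

enum nss_status _nss_radius_getpwnam_r(const char *name, struct passwd *result,
                                       char *buffer, size_t buflen, int *errnop) {
    if (!valid_name(name)) return NSS_STATUS_NOTFOUND;
    return fill(name, result, buffer, buflen, errnop);
}

enum nss_status _nss_radius_getpwuid_r(uid_t uid, struct passwd *result,
                                       char *buffer, size_t buflen, int *errnop) {
    if (uid != TPL_UID) return NSS_STATUS_NOTFOUND;  /* never answers for uid 0 */
    return fill(TPL_NAME, result, buffer, buflen, errnop);
}
```

With "passwd: files radius" in nsswitch.conf, local accounts such as root are still resolved from /etc/passwd first. Because every synthesized user shares one UID, file ownership does not separate them from each other.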
