Re: Radius Authentication

2008-10-17 Thread MattAD

Hi Todor,

Thanks, I've read before that there has to be a user on the local server with
the same name as the Windows domain and I have used the man pages for the
configuration. I think the problem lies with the authentication against the
Radius server, or the Radius server itself.

I shall venture forth and try to combat this plague!!! :-P

Thanks for the speedy reply btw!

=)

Todor Genov-2 wrote:
> 
> Hi Matt,
> 
> 
> The three important steps here are as follows:
> 
> 1.) Confirm that authentication against the RADIUS server succeeds using
> any command line RADIUS util.
> 
> 2.) Configure /etc/radius.conf as per "man pam_radius" and
> "man radius.conf"
> 
> 3.) Add a user on the FreeBSD machine whose name corresponds with the
> Windows domain account (if the name contains spaces then refer to the
> pre-Windows2000 compatible username in AD). This is mandatory as
> pam_radius is only used for authentication. UID, GID, home dir and all
> *nix relevant account parameters are still retrieved from the local user
> database.
> 
>  An alternative to step 3 would be to use the template_user option in
> radius.conf, but this means that all your Windows users will appear to
> the system with same UID/GID as the template_user.
> 
> 
> MattAD wrote:
>> I would just like to know if anyone on earth has been able to get the
>> pam_radius module working on FreeBSD, using a Windows domain username
>> through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
>> config looks like so:
>> 
>> #
>> # $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
>> #
>> # PAM configuration for the "sshd" service
>> #
>> 
>> # auth
>> auth            required        pam_nologin.so          no_warn
>> auth            sufficient      pam_opie.so             no_warn no_fake_prompts
>> auth            requisite       pam_opieaccess.so       no_warn allow_local
>> auth            sufficient      pam_radius.so           no_warn try_first_pass
>> #auth           sufficient      pam_krb5.so             no_warn try_first_pass
>> #auth           sufficient      pam_ssh.so              no_warn try_first_pass
>> auth            sufficient      pam_unix.so             no_warn try_first_pass
>> 
>> # account
>> account         required        pam_nologin.so
>> #account        required        pam_krb5.so
>> account         required        pam_login_access.so
>> account         required        pam_unix.so
>> 
>> # session
>> #session        optional        pam_ssh.so
>> session         required        pam_permit.so
>> 
>> # password
>> #password       sufficient      pam_krb5.so             no_warn try_first_pass
>> password        required        pam_unix.so             no_warn try_first_pass
>> 
>> 
>> :confused:
> 
> -- 
> Regards,
> 
> Todor Genov
> Systems Operations
> 
> Verizon Business South Africa (Pty) Ltd
> 
> [EMAIL PROTECTED]
> Tel: +27 11 235 6500
> Fax: 086 692 0543
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Radius-Authentication-tp20013780p20027802.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
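
A preflight check for steps 2 and 3 of the quoted reply, added here as an example and not written by either poster. The function name check_pam_radius is hypothetical, all paths are passed as arguments, and the sample files are constructed; step 1 (a live RADIUS test) is outside its scope.

```shell
#!/bin/sh
# Added example: preflight for steps 2 and 3. check_pam_radius is a hypothetical name.
# Usage: check_pam_radius LOGIN PAM_SERVICE_FILE RADIUS_CONF PASSWD_FILE
check_pam_radius() {
    user=$1 pam=$2 conf=$3 passwd=$4 rc=0

    # Step 2: radius.conf(5) needs at least one "auth server secret" line.
    if ! awk '$1 == "auth" && NF >= 3 { ok = 1 } END { exit !ok }' "$conf" 2>/dev/null; then
        echo "FAIL: no 'auth <server> <secret>' line in $conf"; rc=1
    fi
    # The file holds the shared secret, so it must not be world-readable.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $conf is world-readable"; rc=1
    fi

    # The service file needs an active (uncommented) auth line for pam_radius.so.
    line=$(awk '$1 == "auth" && $3 ~ /pam_radius/ { print; exit }' "$pam" 2>/dev/null || true)
    if [ -z "$line" ]; then
        echo "FAIL: no active pam_radius.so auth line in $pam"; rc=1
    fi

    # Step 3: pam_radius only authenticates, so the login needs a local entry,
    # unless the pam_radius.so line carries template_user= (a module option
    # in FreeBSD's pam_radius(8)).
    if ! awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$passwd" 2>/dev/null; then
        case $line in
            *template_user=*) echo "NOTE: $user has no local entry; template_user applies" ;;
            *) echo "FAIL: no local account named $user"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample files (not from the thread) so the check runs offline.
d=$(mktemp -d)
printf 'auth sufficient pam_radius.so no_warn try_first_pass\n' > "$d/sshd"
printf 'auth 192.0.2.10 example-secret 3 2\n' > "$d/radius.conf"
chmod 600 "$d/radius.conf"
printf 'jsmith:*:1001:1001:J Smith:/home/jsmith:/bin/sh\n' > "$d/passwd"
check_pam_radius jsmith "$d/sshd" "$d/radius.conf" "$d/passwd" && echo "jsmith: ready"
check_pam_radius nouser "$d/sshd" "$d/radius.conf" "$d/passwd" || echo "nouser: not ready"
rm -rf "$d"
```

On a real host the arguments would be the login name, /etc/pam.d/sshd, /etc/radius.conf and /etc/passwd.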



Radius Authentication

2008-10-16 Thread MattAD

I would just like to know if anyone on earth has been able to get the
pam_radius module working on FreeBSD, using a Windows domain username
through ssh... ??? This has become a mystery to me. My /etc/pam.d/sshd
config looks like so:

#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      pam_radius.so           no_warn try_first_pass
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            sufficient      pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass


:confused:
-- 
View this message in context: 
http://www.nabble.com/Radius-Authentication-tp20013780p20013780.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
