FreeRadius + pam + sshd

In this example, ssh logins on 192.168.0.233 are authenticated through PAM against a RADIUS server running on 192.168.0.1.

192.168.0.1:
Installing freeradius and pam_radius_auth.so is not difficult on the various *nix systems.
For Ubuntu:
sudo apt-get install freeradius
For Gentoo:
emerge freeradius

 

192.168.0.233:
Next, download the «PAM Authentication and Accounting module» from:
http://freeradius.org/pam_radius_auth/

Or (on Ubuntu):

apt-get install libpam-radius-auth


To install it from source:
1. make
2. Copy 'pam_radius_auth.so' to /lib/security/pam_radius_auth.so

192.168.0.1:
Next we tune the freeradius settings.
All of the files are stored in /etc/raddb on Gentoo or /etc/freeradius on Ubuntu.

vim clients.conf
...
client 192.168.0.233 {
secret = passwordko
}
...
EOF
Here we allow 192.168.0.233 to authenticate against the RADIUS server using the shared secret passwordko.


192.168.0.233:
Edit /etc/pam_radius_auth.conf and /etc/radiusclient/servers (for example with vim):

192.168.0.1    passwordko 1
EOF

vim /etc/pam.d/sshd (comment out all existing auth lines)

auth       required     pam_radius_auth.so debug
EOF

That's all. Now you can log in by ssh to 192.168.0.233 with the same passwords as on the 192.168.0.1 machine.

Note that the login names must be the same on 192.168.0.233 and 192.168.0.1. If there is no account on 192.168.0.233 with the same login name as on 192.168.0.1, you cannot log in.

Does anybody know how? Please tell me at g.link0ln@gmail.com. (languages: Russian/English)
