Hello,
what are you using as
backend for freeradius server? If you use LDAP as backend for freeradius, I
really do NOT see the need for the use of RADIUS protocol to do authentication
for such services ( login, ssh etc ). It would be easier if you implement auth
against LDAP directory for such services, and use RADIUS where it can serve the
purpose ( full AAA ) !
Regards,
Edvin Seferovic
From:
freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org
[mailto:freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org] On Behalf Of J. C. Desai
Sent: Freitag, 01. September 2006
21:34
To:
freeradius-users@lists.freeradius.org
Subject: HOW-TO for Linux radius
client
Hi,
I am looking for a Linux client side HOW-TO for
radius authentication without requiring presence of the login id on client
side locally.
The following is the authentication scenario I am trying:
1) I have freeRadius server installed on a RedHat Linux
machine
2) I would like users logging into other RedHat Linux
machines in our network to have their login/passwd authenticated using
freeRadius server (for login, su, ssh, telnet, ftp etc. ways of accessing
local client machines in the network)
3) I do not want to use LDAP on server or client side
4) I am using PAM and have experimented with pam_radius_auth
module without success
5) The problem I am facing is that the login id has also to
be defined locally on client Linux machines --- otherwise, for example, the su
command fails indicating that the id does not exist (if I create the login id
on client locally, then it queries freeRadius server)
6) I do not want to add "ldap" to nsswitch.conf
file of client --- just want to stick to radius for now
In summary, is there a Linux client side HOW-TO for
radius authentication without requiring presence of the login id on client
side locally?
Regards ... J. C. Desai