How to configure Solaris 10 Radius Authentication client.
Hi Guys, I need to configure bunch of Solaris servers to use RADIUS PAM for Authentication/Authorization. I followed instructions in http://freeradius.org/pam_radius_auth/ and was able to configure Authentication portion of this task. There is one problem - the only way I can receive login shell on this box - if user already exists. I suspect I need to pass some variables from RADIUS server to my Solaris RADIUS client. Does anybody know what are they? Thanks, Alek. This e-mail (and attachment(s)) is confidential, proprietary, may be subject to copyright and legal privilege and no related rights are waived. If you are not the intended recipient or its agent, any review, dissemination, distribution or copying of this e-mail or any of its content is strictly prohibited and may be unlawful. All messages may be monitored as permitted by applicable law and regulations and our policies to protect our business. E-mails are not secure and you are deemed to have accepted any risk if you communicate with us by e-mail. If received in error, please notify us immediately and delete the e-mail (and any attachments) from any computer or any storage medium without printing a copy. Ce courriel (ainsi que ses pièces jointes) est confidentiel, exclusif, et peut faire l’objet de droit d’auteur et de privilège juridique; aucun droit connexe n’est exclu. Si vous n’êtes pas le destinataire visé ou son représentant, toute étude, diffusion, transmission ou copie de ce courriel en tout ou en partie, est strictement interdite et peut être illégale. Tous les messages peuvent être surveillés, selon les lois et règlements applicables et les politiques de protection de notre entreprise. Les courriels ne sont pas sécurisés et vous êtes réputés avoir accepté tous les risques qui y sont liés si vous choisissez de communiquer avec nous par ce moyen. Si vous avez reçu ce message par erreur, veuillez nous en aviser immédiatement et supprimer ce courriel (ainsi que toutes ses pièces jointes) de tout ordinateur ou support de données sans en imprimer une copie.
-----BEGIN PGP SIGNED MESSAGE----- On Jun 4, 2012, at 2:06 PM, Alek Barsky wrote:
I need to configure bunch of Solaris servers to use RADIUS PAM for Authentication/Authorization.
PAM only does authentication. After all, it stands for Pluggable Authentication Modules.
I followed instructions in http://freeradius.org/pam_radius_auth/ and was able to configure Authentication portion of this task. There is one problem – the only way I can receive login shell on this box – if user already exists.
That's because in addition to PAM you still need some kind of directory to hold all the other user information like user id, group id, home directory, gecos field and preferred shell. /etc/nsswitch.conf determines where that information can be retrieved from (files, NIS, LDAP, DNS, etc.). I am not aware of a solution that lets you use RADIUS as a directory service for Solaris. - - Michael -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.0.3 (Build 1) Charset: windows-1252 wsBVAwUBT80NGZbfnpCg64TVAQHd4ggArN/0myf0kzlm1eSp+uMZuUl/s4Zi2Ua3 2nhocQZ6psuKwsDXphEkZqOeR5ZOjms8I3HiljLs8Cg6W7iE6ykFU0TRK8miG301 HQLWqHczFA/X4bDsHa8UH6do9Bvt9Nd6uDYn4ksrKJFCQabhTaVocECmOmXFLpUo JSWXqpoaLgS9HJOlb613PqJQa5P5B5poQs+5bN4CPVuyAqKHMjIGquZlswwbl63R hGM5JvlMhxiL7/U7XDqxZNAeo3vz01nVkYE4C6Ml+imYyVWJmBR60MdrehzpsN+s dsJ2LK93Pv1y9r6CbvzhmNnRKxAOy+srk751FcmFEyg5unMZhgbizA== =qg2E -----END PGP SIGNATURE-----
participants (3)
-
Alan DeKok -
Alek Barsky -
Michael Hocke