HOW-TO for Linux radius client
Nicolas Baradakis
nbk at sitadelle.com
Fri Sep 1 23:37:58 CEST 2006
J. C. Desai wrote:
> I am looking for a Linux client side HOW-TO for radius authentication
> without requiring presence of the login id on client side locally.
Please no HTML to the list.
I already tried to implement a similar setup but never found all the
pieces of the puzzle.
> 5) The problem I am facing is that the login id has also to be defined
> locally on client Linux machines --- otherwise, for example, the su command
> fails indicating that the id does not exist (if I create the login id on
> client locally, then it queries freeRadius server)
Indeed, the missing piece is the libnss-radius. I think you'll have to
write your own. I've already looked at it and it's not very hard to do.
My tests indicate that you need to implement only 2 functions to get login,
xdm, ssh, etc. working on the client machines.
enum nss_status _nss_radius_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen);
enum nss_status _nss_radius_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen);
More info in the glibc manual:
http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html
--
Nicolas Baradakis
More information about the Freeradius-Users
mailing list