Radius client configuration issue

merajs at gmail.com merajs at gmail.com
Tue Jul 28 16:00:18 CEST 2009


Hi  Ivan,

I think there is some confusion. Let me explain, we have 2 separate machine.
On one machine (Linux), radius server is setup and running independantly. on
this machine, we have made the
changes(/etc/raddb/server/pam_radius_auth.conf )
 
On another machine, which is client machine (On Solaris), PAM is configured
in SSH. Also, on this machine, we have pam.conf  (/etc/pam.conf) and
sshd_config files where authentication libraries and other properties are
set.
 
Now, I have to login through my client machine (radius client), and it has
to sent information to linux machine (where radius server's setup is done).
Per the understanding, Radius server will authenticate user when PAM is
enabled.
 
But it is not clear, how Radius client (on Solaris machine) knows to
communicate with Radius Server (on Linux machine).
 
1. Do we configure ip address of Radius server (on linux) at Radius client
(on Solaris machine) ?
2. Do we give username details on Radius server (on linux) machine?
 
I hope it might help to understand the scenario.
 
Regards,
Meraj


merajs at gmail.com wrote:
> 
> Hi Ivan,
> I have gone thorugh the link and check all the files. I also tried to
> compare with my existing installation:
> 
> 1) As per the given link, it seems that pam.conf is configured as:
> 
> login  auth       sufficient   /usr/lib/security/pam_radius_auth.so.1
> login   auth       required     /usr/lib/security/pam_unix_auth.so.1
> telnet auth        sufficient  /usr/lib/security/pam_radius_auth.so.1
> telnet auth        required    /usr/lib/security/pam_unix.so.1
> 
> which is on Solaris 2.6.
> 
> In our configuration on Solaris 5.10, pam.conf contains:
> 
> login   auth requisite          pam_authtok_get.so.1
> login   auth required           pam_dhkeys.so.1
> login   auth required           pam_unix_cred.so.1
> login   auth required           pam_unix_auth.so.1
> login   auth required           pam_dial_auth.so.1
> 
> where libraries are in folder /usr/lib/security
> 
> 
> 2) pam_radius_auth.conf is set at radius server (/etc/raddb/server), which
> contains server ip address and secret.
> 3) Also, client info is set in /etc/raddb/clients.conf on radius server
> 
> But I could not find where radius server ip is configured in radius
> client. I am not able to find how radius client knows about radius server.
> Please let me know if I am missing anything.
> 
> Regards,
> Meraj
> 
> 
> Ivan Kalik wrote:
>> 
>>> thanks for the link.
>>>
>>> I want to know if we can give radius server ip address and secret in
>>> pam.conf file.
>> 
>> No.
>> 
>>> I tried to configure radius server with CLI, but it doesn't seems to
>>> work.
>>> Can you please tell me how to configure radius server in radius client
>>> to
>>> work.
>> 
>> Did you actually read that linked page? It *does* say how and where to do
>> that.
>> 
>> Ivan Kalik
>> Kalik Informatika ISP
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> 
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Radius-client-configuration-issue-tp24678845p24698100.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list