Authenticate SSH users against Freeradius

Matt Zagrabelny mzagrabe at d.umn.edu
Mon May 20 20:11:17 CEST 2013


On Mon, May 20, 2013 at 12:58 PM, Roberto Carna
<robertocarna36 at gmail.com> wrote:
> Dear, I have:
>
> (A) One Freeradius server on Debian 6: freeradius installation and
> client.conf configuration
> (B) Another Debian 6 box with sshd: libpam-radius-auth installation
> (C) Several Windows and Linux ssh clients
>
> In (A) freeradius server, can I define the ssh users in client.conf file
> only ???

clients.conf is for the FR clients - not the users.

computer1 running FR
computer2 running sshd

computer2 is the client and belongs in the clients.conf file.

> In (B) debian sshd box server, do I have to install a radius client in
> addition to libpam-radius-auth package ??? And do I have to define any ssh
> user here ??

FR is doing whatever you want it to do in the PAM stack. We only have
it perform the authentication, but you could also have it perform
authorization, IIRC.

You will (also) need to set up local users or a central user
repository (LDAP, SQL, etc.) Check libnss-* packages for anything
other than /etc/passwd:

% apt-cache search libnss
libnss-gw-name - nss module that names the current gateway's IP address
libnss-cache - NSS module for using nsscache-generated files
libnss-db - NSS module for using Berkeley Databases as a naming service
libnss-extrausers - nss module to have an additional passwd, shadow
and group file
libnss-ldap - NSS module for using LDAP as a naming service
libnss-lwres - NSS module for using bind9's lwres as a naming service
libnss-myhostname - nss module providing fallback resolution for the
current hostname
libnss-mysql-bg - NSS module for using MySQL as a naming service
libnss-pgsql2 - NSS module for using PostgreSQL as a naming service
libpam-ccreds - Pam module to cache authentication credentials
libpam-ldap - Pluggable Authentication Module for LDAP
libnss3 - Network Security Service libraries
libnss3-1d - Network Security Service libraries - transitional package
libnss3-dbg - Debugging symbols for the Network Security Service libraries
libnss3-dev - Development files for the Network Security Service libraries
libnss3-tools - Network Security Service tools
libnss-mdns - NSS module for Multicast DNS name resolution
libnss-ldapd - NSS module for using LDAP as a naming service
nslcd - Daemon for NSS and PAM lookups using LDAP
nss-passwords - read passwords from a Mozilla keyring
nss-updatedb - Cache name service directories in DB format
nsscache - asynchronously synchronise local NSS databases with remote
directory services
libpathfinder-dev - Development files for pathfinder
libpathfinder-nss-1 - Pathfinder integration Library for LibNSS
libnss-rainbow2 - nss library for rainbow
libnss-winbind - Samba nameservice integration plugins
winbind - Samba nameservice integration server
libnss-sss - Nss library for the System Security Services Daemon
libnss-sshsock2 - NSS module using an ssh socket connection

>
> Please, I need a good howto because I'm lost.

You will need to read a lot to get up to speed.

-mz
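
The layout described in this reply, turned into a set of checks. This is an added example, not part of the original post and not FreeRADIUS or libpam-radius-auth code. It assumes the Debian file names (`clients.conf` on the FR host, `/etc/pam.d/sshd` and `/etc/pam_radius_auth.conf` on the sshd host) and `ipaddr = ...` style client entries; the function names, addresses and sample file contents are constructed.

```shell
#!/bin/sh
# Added example: sanity checks for the FR server / sshd client split.
# All sample file contents and addresses below are constructed.

# computer1 (FR): is the sshd host listed as a client in clients.conf?
client_defined() {  # $1 = clients.conf, $2 = IP address of the sshd host
    awk -v ip="$2" '
        /^[ \t]*#/ { next }                       # skip comments
        { gsub(/=/, " = ") }                      # tolerate "ipaddr=1.2.3.4"
        $1 == "ipaddr" && $3 == ip { found = 1 }
        END { exit !found }' "$1"
}

# computer2 (sshd): does the PAM stack for sshd call pam_radius_auth?
pam_has_radius() {  # $1 = PAM service file, e.g. /etc/pam.d/sshd
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_radius_auth\.so' "$1"
}

# computer2: RADIUS servers listed as "server[:port] secret [timeout]".
radius_servers() {  # $1 = pam_radius_auth.conf
    awk '!/^[ \t]*(#|$)/ && NF >= 2 { print $1 }' "$1"
}

# computer2: the account must still resolve through NSS (passwd, LDAP, ...).
user_resolves() { getent passwd "$1" >/dev/null 2>&1; }

# Write constructed sample files for both machines into directory $1.
make_samples() {
    printf 'client computer2 {\n\tipaddr = 192.0.2.20\n\tsecret = CONSTRUCTED\n}\n' \
        > "$1/clients.conf"
    printf '# server[:port] secret timeout\n192.0.2.10 CONSTRUCTED 3\n' \
        > "$1/pam_radius_auth.conf"
    printf 'auth sufficient pam_radius_auth.so\n@include common-auth\n' \
        > "$1/sshd"
}

d=$(mktemp -d) && make_samples "$d"
client_defined "$d/clients.conf" 192.0.2.20 && echo "FR: sshd host is a client"
pam_has_radius "$d/sshd" && echo "sshd: PAM calls pam_radius_auth"
echo "sshd: RADIUS server(s): $(radius_servers "$d/pam_radius_auth.conf")"
user_resolves root && echo "sshd: root resolves through NSS"
rm -rf "$d"
```

The shared secret in `clients.conf` and in `pam_radius_auth.conf` must match, and both files should be readable by root only.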


More information about the Freeradius-Users mailing list