Linux Explore » AAA https://blog.linuxexplore.com Exploring Linux Mon, 07 Apr 2014 00:30:50 +0000 en-US hourly 1 https://wordpress.org/?v=4.0.38 PAM with Radius Authentication https://blog.linuxexplore.com/2013/01/12/pam-with-radius-authentication-2/ https://blog.linuxexplore.com/2013/01/12/pam-with-radius-authentication-2/#comments Sat, 12 Jan 2013 15:57:48 +0000 http://linuxexplore.com/?p=686 PAM Radius Module allows any PAM-capable machine to become a RADIUS client for authentication and accounting requests. The actual authentication will be performed by a RADIUS server. The freeradius can be used for radius server.

PAM

Download the PAM Radius Module

To download the PAM Radius module, click here.

Installing & configuring PAM Radius Module

To install PAM radius module, give the following commands:

[root@rahul-pc]# tar -xvf pam_radius-1.3.17.tar.gz

[root@rahul-pc]# cd pam_radius-1.3.17

[root@rahul-pc]# make

It will generate a library file pam_radius_login.so. Copy that file to /lib/security/ directory.

[root@rahul-pc]# cp pam_radius_login.so /lib/security/

Create a directory /etc/raddb/. Copy the file pam_radius_auth.conf to /etc/raddb/ directory named as server.

[root@rahul-pc]# mkdir /etc/raddb/

[root@rahul-pc]# cp pam_radius_auth.conf /etc/raddb/server

Change the file /etc/raddb/server according to your configuration.

# Radius Server IP address           Secret                                   Timeout

192.168.2.43                                       yoursecret                          3

Configure PAM Applications for Radius Server

After doing the above configurations, edit the PAM application’s files to authenticate from radius server.

SSH server configuration

To authenticate the SSH server request from radius server, edit the file /etc/pam.d/sshd.  Add a new line

auth                       sufficient                             pam_radius_auth.so

above the following line

auth                       include                                 system-auth

After changing the PAM file, the authentication request for SSH server will go to the configured radius server (192.168.2.43 in our example) first. If the request is not accepted from radius server, then it will check the system-authentication.

Password change configuration

Similarly, to change the password of any SSH user, change the file /etc/pam.d/passwd. Add a new line

password                            sufficient                             pam_radius_auth.so

above the following line

password                            include                 system-auth

After this password change request will go to the radius server.

FTP Server Configuration

Similarly do the above changes for vsftpd file in /etc/pam.d/ directory. Then the entire authentication request for FTP server will go to radius server.

In the same way do the changes for other required applications.

PAM with Radius Authentication.

]]> https://blog.linuxexplore.com/2013/01/12/pam-with-radius-authentication-2/feed/ 3