General
cancel
Showing results for 
Search instead for 
Did you mean: 

installing radius client using sam on RH3 AS

thijs lankhorst_1
Frequent Advisor

installing radius client using sam on RH3 AS

Hi i ve been asked to configure/setup a radius client on a linux server at work but can not find any documentation on how to do this exactly. I ve setup the /etc/pam.cf and the /etc/raddb/server/pam_radius_auth.conf file but this has to point to a pam_radius_auth.so file what needs to be compiled and i dont know how to do this and dont know if this will work on RH3 AS. Can anybody help me or point me to documentation please?
8 REPLIES
thijs lankhorst_1
Frequent Advisor

Re: installing radius client using sam on RH3 AS

It should read: installing radius client using PAM
Vitaly Karasik_1
Honored Contributor

Re: installing radius client using sam on RH3 AS

There are several different radius servers/clients for linux; please provide more info about yours.
thijs lankhorst_1
Frequent Advisor

Re: installing radius client using sam on RH3 AS

we use standard RFC radius, no specific version and using a cisco acs server. Linux servers we use : Red Hat Enterprise Linux AS release 3 (Taroon Update 3)
Linux version 2.4.21-20.ELsmp and the packages currenlt on the server are:
pam_passwdqc-0.7.5-1
pam-0.75-58
pam_krb5-1.73-1
pam_smb-1.1.7-1
pam-devel-0.75-58
Vitaly Karasik_1
Honored Contributor

Re: installing radius client using sam on RH3 AS

I worked with Encoton(http://www.encotone.com) Radius server several years ago. As far as I remember, in these years [~1998], "standart" radius PAM module didn't provide authentication, but accounting only; there was 3rd party radius PAM module, some installation manual was attached.


may be this links will help:
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-linux/2003-04/0036.html
http://www.uni-hohenheim.de/~schaefer/linux/pam/radius.config
thijs lankhorst_1
Frequent Advisor

Re: installing radius client using sam on RH3 AS

Hi Vitaly... i had a look at the following doc i found and to configure PAM so that it points to the 2 radius servers is the problem. I know that you used to be able to create a file called pam_radius_auth.conf in which you put the radius server(s)however that was in earlier versions of RH and you use to setup a pam.conf files aswell but all the config is now kept (on RH3) in /etc/pam.d.
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/ch-pam.html
Vitaly Karasik_1
Honored Contributor

Re: installing radius client using sam on RH3 AS

no, I used the same /etc/pam.d directory.
In order to configure some programs to use radius, you should add "radius module line" in appropriate file, for example /etc/pam.d/login, ssh, etc.
thijs lankhorst_1
Frequent Advisor

Re: installing radius client using sam on RH3 AS

Ahh Ok..as you probably already guessed i dont know PAM and am learning as i get along. So if my login files looks as follows:
[root@gbahel50 pam.d]# more login
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

Where would i enter the radius details and is it not neccesary to create a file like pam_radius_auth.conf which currently looks like ?:
more /etc/raddb/server/pam_radius_auth.conf
# pam_radius_auth file. Copy to: /etc/raddb/server
#
# server[:port] shared secret timeout (s)
127.0.0.1 secret 1
164.39.x.xx:port shared_secret 10
164.39.x.xx:port shared_secret 10

Thanks for your help by the way its much appreciated
Vitaly Karasik_1
Honored Contributor

Re: installing radius client using sam on RH3 AS

Unfortunately, I don't remember too many details now.... :-(
But the common picture is:

1) there is radius PAM module configuration files in /etc/raddb - you should point this module to the right radius server, configure shared secret and so on

2) you should add radius pam module into appropriate pam sequence[s]. For example, I used radius client for authentication via PPP, so my /etc/pam.d/ppp was
auth required pam_nologin.so
auth sufficient pam_unix.so
auth sufficient pam_radius_auth.so debug
account required pam_unix.so
session sufficient pam_radius_auth.so debug
session required pam_unix.so

["debug" provides more output in /var/log/messages]

For example, if you need radius authentication for telnet users, you shouild edit /etc/pam.d/telnet.

Resources:
http://www.freeradius.org/related/ pam_radius and other docs
http://www.freeradius.org/list/users.html FreeRADIUS maillist

good luck,
Vitaly