05-03-2011
RADIUS server for SSH authorization
Good day to anyone. I need your help.
I want to create a centralized server for authorizing my users via SSH connections. My manager suggested RADIUS + PAM to me, but frankly speaking I read a lot of information about these and understood one thing - RADIUS could work only with password authorization. It means I should create users without passwords on every RHEL system. I tested freeradius for myself and I think this software can't create and keep user accounts with the right permissions (gid, uid, group) - ONLY password authorization. Am I right? I really read a lot of documents on the Internet and all the manuals include the next step "... you must create a user on client server for login ..."
What I need. I want to have a clear server which will be set on the authorization server. Without any users and groups. Clear. I'll connect from my PC via SSH to some server and the last one should request information about my account from the authorization server. Then it should load my default profile and permissions, and the "clear system" which hasn't any users and groups should understand my rights (gid, uid, group).
Is it possible? I'm thinking of trying LDAP+PAM+SSH. Any ideas?
Thanks and sorry for my bad English.
squid3_radius_auth
squid_radius_auth(8) System Manager's Manual squid_radius_auth(8)
NAME
squid_radius_auth - Squid RADIUS authentication helper
SYNOPSIS
squid_radius_auth -f configfile
squid_radius_auth -h "server" [-p port] [-i identifier] -w secret
DESCRIPTION
This helper allows Squid to connect to a RADIUS server to validate the user name and password of Basic HTTP authentication.
-f configfile
Specifies the path to a configuration file. See the CONFIGURATION section for details.
-h server
Alternative method of specifying the server to connect to.
-p port
Specify another server port where the RADIUS server listens for requests if different from the default RADIUS port. Normally not
specified.
-i identifier
Unique identifier identifying this Squid proxy to the RADIUS server. If not specified, the IP address is used to identify the
proxy.
-w secret
Alternative method of specifying the shared secret. Using the configuration file is generally more secure and recommended.
-t timeout
RADIUS request timeout. Default 10 seconds.
CONFIGURATION
The configuration specifies how the helper connects to RADIUS. The file contains a list of directives (one per line). Lines beginning with
a # are ignored.
server radiusserver
specifies the name or address of the RADIUS server to connect to.
secret somesecretstring
specifies the shared RADIUS secret.
identifier nameofserver
specifies what the proxy should identify itself as to the RADIUS server. This directive is optional.
port portnumber
Specifies the port number or service name where the helper should connect.
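A lint for the configuration file format described above, as an added example that is not part of this manual page or of Squid. The directive names are the ones listed in this section; the function name, the messages and the rule that server and secret must both be present are assumptions of the example.

```shell
#!/bin/sh
# Added example: lint a squid_radius_auth configuration file.
# Directive names come from the CONFIGURATION section; the function name,
# messages and the "server and secret are required" rule are assumptions.
lint_radius_conf() {
    conf=$1
    problems=0
    have_server=no
    have_secret=no
    [ -r "$conf" ] || { echo "cannot read $conf"; return 255; }

    # The file holds the shared secret, so group/other should have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open (group/other: $perms)"
        problems=$((problems + 1))
    fi

    # One directive per line: a keyword followed by its value.
    while read -r key value || [ -n "$key" ]; do
        case $key in
            ''|'#'*) continue ;;             # blank line or comment
            server)  have_server=yes ;;
            secret)  have_secret=yes ;;
            identifier|port) ;;
            *)  echo "unknown directive: $key"
                problems=$((problems + 1))
                continue ;;
        esac
        if [ -z "$value" ]; then
            echo "$key: missing value"
            problems=$((problems + 1))
        fi
    done < "$conf"

    [ "$have_server" = yes ] || { echo "no server directive"; problems=$((problems + 1)); }
    [ "$have_secret" = yes ] || { echo "no secret directive"; problems=$((problems + 1)); }
    return "$problems"               # 0 means nothing was flagged
}

# Stand-alone use: sh lint.sh /path/to/config
if [ "$#" -gt 0 ]; then
    lint_radius_conf "$1"
fi
```

The return status is the number of findings, so a misspelled directive such as "secrets" is counted twice: once as unknown and once because no secret directive was seen.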
AUTHOR
This manual page was written by Henrik Nordstrom <hno@squid-cache.org>
squid_radius_auth is written by Marc van Selm <selm@cistron.nl> with contributions from Henrik Nordstrom <hno@squid-cache.org> and many
others
QUESTIONS
Any questions on usage can be sent to Squid Users <squid-users@squid-cache.org>, or to your favorite RADIUS list/friend if the question is
more related to RADIUS than Squid.
REPORTING BUGS
Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org> or ideas for new improvements to Squid Developers
<squid-dev@squid-cache.org>
SEE ALSO
RFC2058 - Remote Authentication Dial In User Service (RADIUS)
Squid RADIUS Auth 7 August 2004 squid_radius_auth(8)