Good day to anyone. I need your help.
I want to create a centralization server for authorization my users via SSH connections. My manager suggested me a RADIUS + PAM, but frankly speaking I read a lot information about these and understood one thing - RADIUS could work only with password authorization. It means I should create users without password on every RHEL system. I tested for myself freeradius and I think this soft can't create and keep users accounts with right permissions (gid, uid, group) - ONLY password authorization. Am I right ? I really read a lot documents in the Internet and all manual include next step "... you must create a user on client server for login ..."
What I need. I want to have clear server which will be setted on authorization server. Withous any users and groups. Clear. I'll connect from my PC via SSH to some server and last one should request information about my account from authorization server. Then it should load my defauld profile, permissions and "clear system" which hasn't any users and group shoud understand my rights (gid, uid, group).
Is it possible ? I think try LDAP+PAM+SSH. Any ideas ?
Thanks and sorry for my bad english.
Hello folks,
I was guessing if there is a way for configuring Radius authorization on Linux clients. My meaning is to make Radius server manage the authorization/permissions when executing any commnand on my linux servers.
Then, there's any way to configure this with Radius? can I also... (1 Reply)
I am trying to connect to Windows server via Linux server through a script and run two commands " cd and ls " But its giving me error saying " could not start the program" followed by the command name i specify e g : "cd"
i am trying in this manner "
ssh username@servername "cd... (5 Replies)
Hi,
I want to use ssh to add a register key on remote ssh server. Since there are space characters in my register key string, it always failed. If there is no space characters in the string, it worked fine. The following is what I have tried. It seems that "ssh" command doesn't care about double... (9 Replies)
Network Configuration Figure
http://geocities.com/fy_heng/test1.JPG
Dear all,
I currently performing an testing using the above network configuration (Please click on the above link).
On how actually the RADIUS server can authenticate the user who connect to the WAP (wireless access point)... (0 Replies)
RADIUS.CONF(5) InterNetNews Documentation RADIUS.CONF(5)NAME
radius.conf - Configuration for nnrpd RADIUS authenticator
DESCRIPTION
This describes the format and attributes of the configuration file for the nnrpd RADIUS authenticator. See radius(1) for more information
about the authenticator program. The default location for this file is radius.conf in pathetc.
Blank lines and lines beginning with "#" are ignored, as is anything after a "#" on a line. All other lines should begin with a parameter
name followed by a colon and the value of that key, except that each section of configuration for a particular server should be enclosed
in:
server <name> {
# parameters...
}
where <name> is just some convenient label for that server.
The available parameters are:
radhost
The hostname of the RADIUS server to use for authentication. This parameter must be set.
radport
The port to query on the RADIUS server. Defaults to 1645 if not set.
lochost
The hostname or IP address making the request. The RADIUS server expects an IP address; a hostname will be translated into an IP
address with gethostbyname(). If not given, this information isn't included in the request (not all RADIUS setups require this
information).
locport
The port the client being authenticated is connecting to. If not given, defaults to 119. This doesn't need to be set unless readers
are connecting to a non-standard port.
secret
The shared secret with the RADIUS server. If your secret includes spaces, tabs, or "#", be sure to include it in double quotes. This
parameter must be set.
prefix
Prepend the value of this parameter to all usernames before passing them to the RADIUS server. Can be used to prepend something like
"news-" to all usernames in order to put news users into a different namespace from other accounts served by the same server. If not
set, nothing is prepended.
suffix
Append the value of this parameter to all usernames before passing them to the RADIUS server. This is often something like
"@example.com", depending on how your RADIUS server is set up. If not set, nothing is appended.
ignore-source
Can be set to "true" or "false". If set to false, the RADIUS authenticator will check to ensure that the response it receives is from
the same IP address as it sent the request to (for some added security). If set to true, it will skip this verification check (if your
RADIUS server has multiple IP addresses or if other odd things are going on, it may be perfectly normal for the response to come from a
different IP address).
EXAMPLE
Here is a configuration for a news server named news.example.com, authenticating users against radius.example.com and appending
"@example.com" to all client-supplied usernames before passing them to the RADIUS server:
server example {
radhost: radius.example.com
lochost: news.example.com
secret: IamARADIUSsecRET
suffix: @example.com
}
The shared secret with the RADIUS server is "IamARADIUSsecRET".
HISTORY
This documentation was written by Russ Allbery <rra@stanford.edu> based on the comments in the sample radius.conf file by Yury B. Razbegin.
$Id: radius.conf.pod 8200 2008-11-30 13:31:30Z iulius $
SEE ALSO radius(1)INN 2.5.3 2009-05-21 RADIUS.CONF(5)
