[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

login_radius

To: misc@openbsd.org
Subject: login_radius
From: Tero Ripattila <tero@ripattila.com>
Date: 03 May 2004 00:29:34 +0300
Organization: n/a

Hello all,

I am trying to use login_radius authentication class to authenticate my
users agains a freeradius setup running on another OpenBSD setup.

I placed following lines to configuration files like suggested on the
man page
<http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&apropos=0&sektion=0&manpath=OpenBSD+3.5&arch=i386&format=>:

$ cat /etc/login.conf

radius:\
  :requirehome@:\
  :auth=radius:\
  :radius-server=192.168.0.11:\
  :radius-timeout=1:\
  :radius-retries=5:

$ ls -l /etc/raddb

drwxr-xr-x   2 root     _radius      512 May  2 23:12 raddb

$ ls -l /etc/raddb/server

-rw-r-----  1 root  _radius  23 May  2 23:11 servers

$ cat /etc/raddb/servers

192.168.0.11 foo

I connected a test user to radius-based authentication class:

$ userinfo foo 

login   foo
passwd  *
uid     1001
groups  users ssh
change  NEVER
class   radius
gecos   Test User
dir     /home/foo
shell   /usr/local/bin/bash
expire  NEVER

And when I try to ssh to this computer using the test account created, I
get failed password errors:

$ cat /var/log/auth

May  2 23:48:37 kanki sshd[19713]: Failed password for foo from
192.168.0.12 port 4898 ssh2

I checked Freeradius logs and there were no login attempts at all. What
have I done wrong ?

Best regards,
Tero

Follow-Ups:
- Re: login_radius
  - From: Petr Ruzicka <pruzicka@openbsd.cz>

Prev by Date: Re: limiting a user to login only via serial link
Next by Date: Delivery Status Notification (Failure)
Prev by thread: fixing pops with audio cd using cdrecord sony crx-140e
Next by thread: Re: login_radius
Index(es):
- Date
- Thread