[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: login_radius



First of all I would try to run radius with some sort of debug to see if
it does get requests at all. Also, check radius password on both sides.
I use similar setup without problems.

Petr R.

Tero Ripattila [tero_(_at_)_ripattila_(_dot_)_com] wrote:
> Hello all,
> 
> I am trying to use login_radius authentication class to authenticate my
> users agains a freeradius setup running on another OpenBSD setup.
> 
> I placed following lines to configuration files like suggested on the
> man page
> <http://www.openbsd.org/cgi-bin/man.cgi?query=login.conf&apropos=0&sektion=0&manpath=OpenBSD+3.5&arch=i386&format=>:
> 
> $ cat /etc/login.conf
> 
> radius:\
>   :requirehome@:\
>   :auth=radius:\
>   :radius-server=192.168.0.11:\
>   :radius-timeout=1:\
>   :radius-retries=5:
> 
> $ ls -l /etc/raddb
> 
> drwxr-xr-x   2 root     _radius      512 May  2 23:12 raddb
> 
> $ ls -l /etc/raddb/server
> 
> -rw-r-----  1 root  _radius  23 May  2 23:11 servers
> 
> $ cat /etc/raddb/servers
> 
> 192.168.0.11 foo
> 
> I connected a test user to radius-based authentication class:
> 
> $ userinfo foo 
> 
> login   foo
> passwd  *
> uid     1001
> groups  users ssh
> change  NEVER
> class   radius
> gecos   Test User
> dir     /home/foo
> shell   /usr/local/bin/bash
> expire  NEVER
> 
> And when I try to ssh to this computer using the test account created, I
> get failed password errors:
> 
> $ cat /var/log/auth
> 
> May  2 23:48:37 kanki sshd[19713]: Failed password for foo from
> 192.168.0.12 port 4898 ssh2
> 
> I checked Freeradius logs and there were no login attempts at all. What
> have I done wrong ?
> 
> Best regards,
> Tero