RADIUS server // local authentication and authorization via unix + pam

Yeah, it sucks. Use this option only in secured networks!

Check that /etc/pam.d contains a radiusd file.

/etc/raddb/clients.conf

 client 192.168.100.60 {
	ipv4addr 	= 192.168.100.60
	secret		= mysecret
	shortname	= myshortname
 }

/etc/raddb/radiusd.conf
You wanna read /etc/shadow? Become root. -> Yeah, it sucks. Use this option only in secured networks!

 user = root
 group = root

/etc/raddb/sites-enabled/default

Section authorize {}: enable unix and pap. Unix should be located above pap.

Section authenticate {}: tune it so that pam follows pap inside Auth-Type PAP and the standalone pam entry is present:

 authenticate {
   Auth-Type PAP {
     pap
     pam
   }

   # Pluggable Authentication Modules
   pam
 }

Enable module pam

Enable module unix and add

 radwtmp = ${logdir}/radwtmp
 passwd  = /etc/passwd
 shadow  = /etc/shadow
 group   =  /etc/group

Generate certs.

Debug:

 radiusd -X 2>&1

Test on client machine/server:

 radtest -x usernametotest passwordtotest radius_server 0 radius_secret

HINT:
"… requires cleartext password" means: this module works only with the f..ing plain-text local users file.
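To check which of the risky settings from this setup are actually present on a server, here is a small audit script. It is an added example, not part of the original post. The function names, the 16-character secret threshold and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a raddb directory for
# the risky settings this setup introduces. One finding per output line.
MIN_SECRET_LEN=16   # assumed threshold, adjust to your own policy

audit_raddb() {
    dir=$1
    # 1. Daemon identity: root is what lets radiusd read /etc/shadow.
    for key in user group; do
        val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" \
            "$dir/radiusd.conf" | tail -n 1)
        if [ "$val" = "root" ]; then
            echo "radiusd.conf: $key = root"
        fi
    done
    # 2. Shared secrets shorter than the threshold ("key = value" spacing assumed).
    awk -v min="$MIN_SECRET_LEN" '
        /^[[:space:]]*#/ { next }
        $1 == "client"   { name = $2 }
        $1 == "secret" && length($3) < min {
            printf "clients.conf: client %s: secret shorter than %d characters\n", name, min
        }' "$dir/clients.conf"
    # 3. clients.conf holds the secrets, so it must not be world-readable.
    if [ -n "$(find "$dir/clients.conf" -perm -004)" ]; then
        echo "clients.conf: world-readable"
    fi
    return 0
}

# Constructed sample that mirrors the configuration shown in this post.
make_sample() {
    d=$(mktemp -d)
    printf 'user = root\ngroup = root\n' > "$d/radiusd.conf"
    printf 'client 192.168.100.60 {\n\tipv4addr = 192.168.100.60\n\tsecret = mysecret\n}\n' \
        > "$d/clients.conf"
    chmod 644 "$d/clients.conf"
    echo "$d"
}

sample=$(make_sample)
audit_raddb "$sample"
rm -rf "$sample"
```

On a real server, call `audit_raddb /etc/raddb` instead of the constructed sample.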
