Subject: RE: Linux as a radius client
From: James Bagley Jr. (james@thelostnet.net)
Date: Tue Jul 02 2002 - 16:08:51 AKDT

I hate to be one to state the obvious, but wouldn't samba's winbind
software work better if the ultimate goal is to authenticate to a windows
user database on a windows server? Why deal with radius when it's easier
to talk to the windows boxen using their native protocols?

On Tue, 2 Jul 2002, Christopher E. Brown wrote:
>
> On Tue, 2 Jul 2002, Mike Barsalou wrote:
>
> > Chris,
> >
> > I am trying to set up a Win2k box to be a radius server. I then want users
> > that log into the linux box to use that radius server to authenticate
> > against.
> >
> > Hopefully that clears it up.
> >
> > Mike
>
>
> Ahh, ok. I will leave the whole goodthing/badthing issue alone, I
> think my views on this are well known.
>
>
> You are looking for the pam radius module and its docs. You of course
> have to be using a Linux distro that is using PAM.
>
> A couple of things.
>
> Make sure your important system accounts are present locally (root
> authed via radius, BAD)
>
>
> Pay attention to the NT side of things, there will be interesting
> issues.
>
>
> Using RADIUS to auth particular services (POP3/IMAP, FTP, etc) is
> useful and handled via the individual daemons, doing system level
> auth via RADIUS/PAM for shell users has a lot of corner cases you can
> get caught in. Trying to do it against a NT user database (rather
> than just having the generated auth data reside on an NT based RADIUS
> server) can be fun, especially dealing with the different hash types
> used for passwd storage.
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
-- DON'T PANIC
This archive was generated by hypermail 2a23 : Tue Jul 02 2002 - 16:08:40 AKDT