Install gcc and pam-devel

[root@server~]# yum install -y gcc pam-devel

 Download pam_radius

 [root@server~]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz

Extract the tarball and compile the source

 [root@server~]# tar xfz pam_radius-1.3.17.tar.gz 

[root@server~]# cd pam_radius-1.3.17

[root@server~]# make

 Copy shared library

 [root@server~]# cp pam_radius_auth.so /lib/security/

Edit the PAM configuration for sshd

[root@server~]# vim /etc/pam.d/sshd

Go to the first line of the file, paste this line:

auth        sufficient     /lib/security/pam_radius_auth.so

Note: the “sufficient” control flag means that if RADIUS authentication succeeds, no additional authentication is required. However, if RADIUS authentication fails, a username and password from the system will still work. Use “required” instead for strong authentication.

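Edit or create your /etc/raddb/server file. Each line lists a RADIUS server, its shared secret, and a timeout in seconds. The file holds the shared secret, so keep it readable by root only.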

[root@server~]# vim /etc/raddb/server

127.0.0.1       secret      1

routableIPaddress      shared_secret      1

On the RADIUS server, create the user account and add this host as a client that is allowed to access RADIUS.

On the Linux client, add the user with no password

[root@server~]# useradd user1

Test with ssh to the Linux client

-------- RADIUS packet --------

radius server : 10.10.1.122:1812

radius client : 10.10.1.123

[root@server~]# tcpdump -nni eth0 host 10.10.1.122 and port 1812

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

22:30:00.499762 IP 10.10.1.123.3902 > 10.10.1.122.1812: RADIUS, Access Request (1), id: 0xfe length: 86

22:30:00.507723 IP 10.10.1.122.1812 > 10.10.1.123.3902: RADIUS, Access Accept (2), id: 0xfe length: 82
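
To check the result of the steps above, the following script audits the two files that were edited. It is an added example, not part of the original post: the function names are hypothetical, the file paths default to the ones used above, and the 16-character minimum follows the recommendation in RFC 2865.

```bash
#!/bin/bash
# Added example: audit the PAM and pam_radius files edited in the steps above.
# Usage: audit_pam_radius [pam_file] [server_file]

# Print the control flag of the first auth line that loads pam_radius_auth.so.
pam_radius_control() {
    awk '$1 == "auth" && /pam_radius_auth\.so/ { print $2; exit }' "$1"
}

# Print one finding per line for a pam_radius server file; nothing if clean.
audit_server_file() {
    local f="$1"
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $f is accessible to group/other, exposing the shared secret"
    fi
    # Fields: server[:port]  shared_secret  timeout. Skip blanks and comments.
    awk 'NF == 0 || $1 ~ /^#/ { next }
        $2 == "secret" || $2 == "shared_secret" {
            print "PLACEHOLDER: line " NR " (" $1 ") still uses the tutorial secret"; next }
        length($2) < 16 {   # RFC 2865 prefers secrets of at least 16 octets
            print "SHORT: line " NR " (" $1 ") secret is under 16 characters" }' "$f"
}

# Summarise both files; returns 1 if anything needs attention.
audit_pam_radius() {
    local pam="${1:-/etc/pam.d/sshd}" srv="${2:-/etc/raddb/server}" rc=0 flag out
    flag=$(pam_radius_control "$pam")
    case "$flag" in
        required|requisite) echo "OK: RADIUS is mandatory ($flag)" ;;
        sufficient) echo "WARN: sufficient; system password still works if RADIUS fails"; rc=1 ;;
        "") echo "WARN: pam_radius_auth.so not found in $pam"; rc=1 ;;
        *) echo "WARN: unexpected control flag '$flag'"; rc=1 ;;
    esac
    out=$(audit_server_file "$srv")
    [ -z "$out" ] || { echo "$out"; rc=1; }
    return $rc
}
```

Run `audit_pam_radius` as root after sourcing the script; with the example values shown above it reports the `sufficient` flag and the placeholder secrets.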

Last Modified: October 31, 2013