Install gcc and pam-devel

[root@server~]# yum install -y gcc pam-devel

 Download pam_radius

 [root@server~]# wget

 Extract the zip file and compile the source

 [root@server~]# tar xfz pam_radius-1.3.17.tar.gz 

[root@server~]# cd pam_radius-1.3.17

[root@server~]# make

 Copy shared library

 [root@server~]# cp /lib/security/

 Edit sshd

[root@server~]# vim /etc/pam.d/sshd

Go to the first line of the file, paste this line:

auth        sufficient     /lib/security/

Note. The “sufficient” tag indicates that if the Radius authentication succeeds then no additional authentication will be required. However, if the Radius authentication fails, a username and password from the system will work. Use “Required” to use strong authentication.

Edit or create your /etc/raddb/server file

[root@server~]# vim /etc/raddb/server       secret      1

routableIPaddress      shared_secret      1

From Radius server, create account and add the client to allow to access radius

From linux client, add user with no password

[root@server~]# userpadd user1

 Test with ssh to the linux client

——– radius packet ——–

radius server :

radius client :

[root@server~]# tcpdump -nni eth0 host and port 1812

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

22:30:00.499762 IP > RADIUS, Access Request (1), id: 0xfe length: 86

22:30:00.507723 IP > RADIUS, Access Accept (2), id: 0xfe length: 82

Posted in: Linux.
Last Modified: October 31, 2013

Leave a reply