Hi,
I'm trying to configure CentOS 7 incoming SSH connections to authenticate with RADIUS. The RADIUS server is configured and working with other CentOS 6 clients. This was set up by my predecessor, so I don't know exactly how they configured the CentOS 6 clients.
Installed:
yum install pam_radius
yum install freeradius-client
yum install freeradius-utils
yum install radiusclient-ng
Configured the following:
nano /etc/pam_radius_auth.conf
Code:
myradiusserver.com mysecretkey 3
nano /etc/pam.d/login
Code:
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth sufficient pam_radius_auth.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
nano /etc/pam.d/sshd
Code:
auth sufficient /usr/lib64/security/pam_radius_auth.so debug
auth include system-auth
account sufficient pam_radius_auth.so debug
account required pam_nologin.so
account include system-auth
password include system-auth
session sufficient /usr/lib64/security/pam_radius_auth.so debug conf=/etc/raddb/server
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
nano /etc/raddb/server
Code:
myradiusserver.com mysecretkey 3
I don't have a /etc/pam.d/common-auth file.
When I test with
#radtest <username> <password> <myradiusserver.com:1812> <0> <mysecretkey>
it seems to work, but I can't log in with ssh.
Code:
Sent Access-Request Id 95 from 0.0.0.0:50094 to **.**.**.**:1812 length 78
User-Name = "******"
User-Password = "*********"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "***********"
Received Access-Accept Id 95 from **.**.**.**:1812 to 0.0.0.0:0 length 20
I'm obviously missing something but can't see what. I have googled, but all I can find are tutorials to configure the RADIUS servers, not so much the clients.
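Added example, not part of the original post: a small Python check that parses a pam.d service file and lists every pam_radius_auth.so rule with the server file it names through conf=, so rules that fall back to the module's built-in default path stand out from those given an explicit file. The function names are hypothetical and the sample strings are constructed from the sshd rules and server line posted above.

```python
def parse_pam(text):
    """Parse pam.d rules into (type, control, module, [options]) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("-")   # a leading '-' only silences missing-module logs
        if not line or line.startswith("#"):
            continue
        mtype, rest = line.split(None, 1)
        if rest.startswith("["):         # bracketed control, e.g. [success=ok default=bad]
            control, rest = rest.split("]", 1)
            control += "]"
        else:
            control, rest = rest.split(None, 1)
        module, *opts = rest.split()
        rules.append((mtype, control, module, opts))
    return rules

def radius_rules(text):
    """Return one dict per pam_radius_auth.so rule, with the server file it names."""
    found = []
    for mtype, control, module, opts in parse_pam(text):
        if module.rsplit("/", 1)[-1] != "pam_radius_auth.so":
            continue
        conf = next((o[5:] for o in opts if o.startswith("conf=")), None)
        found.append({"type": mtype, "control": control, "conf": conf, "debug": "debug" in opts})
    return found

def conf_sources(text):
    """Distinct server files the rules read; None means the module's built-in default."""
    return {r["conf"] for r in radius_rules(text)}

def parse_servers(text):
    """Parse 'server[:port] secret [timeout]' lines; the secret itself is never returned."""
    servers = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and not f[0].startswith("#"):
            timeout = int(f[2]) if len(f) > 2 else None
            servers.append({"server": f[0], "secret_len": len(f[1]), "timeout": timeout})
    return servers

# Constructed sample: the pam_radius_auth rules from the posted /etc/pam.d/sshd
# (plus one neighbouring rule) and the posted server line.
SSHD = """\
auth sufficient /usr/lib64/security/pam_radius_auth.so debug
auth include system-auth
account sufficient pam_radius_auth.so debug
session sufficient /usr/lib64/security/pam_radius_auth.so debug conf=/etc/raddb/server
"""
SERVER = "myradiusserver.com mysecretkey 3\n"
```

On the posted sshd stack, `conf_sources(SSHD)` returns two sources: the auth and account rules rely on the module's default file while the session rule reads /etc/raddb/server.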