How to set RADIUS client for Linux

Posted on October 31, 2013 by

Install gcc and pam-devel

[root@server~]# yum install -y gcc pam-devel

 Download pam_radius

 [root@server~]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz

 Extract the zip file and compile the source

 [root@server~]# tar xfz pam_radius-1.3.17.tar.gz 

[root@server~]# cd pam_radius-1.3.17

[root@server~]# make

 Copy shared library

 [root@server~]# cp pam_radius_auth.so /lib/security/

 Edit sshd

[root@server~]# vim /etc/pam.d/sshd

Go to the first line of the file, paste this line:

auth        sufficient     /lib/security/pam_radius_auth.so

Note. The “sufficient” tag indicates that if the Radius authentication succeeds then no additional authentication will be required. However, if the Radius authentication fails, a username and password from the system will work. Use “Required” to use strong authentication.

Edit or create your /etc/raddb/server file

[root@server~]# vim /etc/raddb/server

127.0.0.1       secret      1

routableIPaddress      shared_secret      1

From Radius server, create account and add the client to allow to access radius

From linux client, add user with no password

[root@server~]# userpadd user1

 Test with ssh to the linux client

——– radius packet ——–

radius server : 10.10.1.122:1812

radius client : 10.10.1.123

[root@server~]# tcpdump -nni eth0 host 10.10.1.122 and port 1812

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

22:30:00.499762 IP 10.10.1.123.3902 > 10.10.1.122.1812: RADIUS, Access Request (1), id: 0xfe length: 86

22:30:00.507723 IP 10.10.1.122.1812 > 10.10.1.123.3902: RADIUS, Access Accept (2), id: 0xfe length: 82

Advertisements

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Linux/CentOS. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s