[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nufw-users] Radius authentication
From: |
Johann Spies |
Subject: |
Re: [Nufw-users] Radius authentication |
Date: |
Tue, 17 Jun 2008 10:59:50 +0200 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Fri, Jun 13, 2008 at 04:43:19PM +0200, Eric Leblond wrote:
> libpam-nufw is a transparent NuFW client for Unixes.
>
> To authenticate against radius, you need to configure nuauth to use the
> "system" authentication module. Once it is done, you will have to
> configure PAM to authenticate against radius:
> * nuauth and PAM configuration:
> http://www.nufw.org/docs/howto22/x668.html#AEN670
> * Howto PAM radius:
> http://www.wikidsystems.com/documentation/howtos/pamradius
Thanks for your reply. I made some progress with the help of these
two links as well as some others.
What I have done so far (This is a Debian Stable server):
* installed libpam-radius-auth
* compiled and installed nufw 2.2.15 from Debian Testing
* Have the following in
- /etc/nufw/nuauth.conf
nuauth_user_check_module="system"
nuauth_acl_check_module="plaintext"
I don't understand what the second of these two lines are doing.
- /etc/pam_radius_auth.conf
<server> <secret> 4
- /etc/pam.d/common_auth
auth sufficient /lib/security/pam_radius_auth.so
auth required pam_unix.so nullok_secure
Now my questions and problems:
1. Is it neccesary to configure nsswitch.conf? Why or why not?
2. The following happens:
$ sudo nuauth -vvvvvvvv
** Message: [7] debug_level is 8
** Message: [+] Starting nuauth 2.2.15 ($Revision: 4601 $) with config
/etc/nufw//nuauth.conf
** ERROR **: Unable to load module nuprelude in /usr/lib/nuauth/modules
aborting...
Aborted
> > Maybe I must ask the question here: Am I on the right track trying
> > out NuFW or should I look further?
>
> It seems ok but you may give us more details.
What type of details do you need?
Here are a few:
* At the moment we have FW-1 on two firewall servers and a management
server clustered by Rainwall.
* Users authenticate against the firewall from a radius server when
they want to use the internet. They pay for the bandwith they use.
* Some users use a pay-as-you-go method of payment and we should be
able to monitor their usage in real time.
* We need both IP-address and username to do proper accounting.
Regards
Johann
--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"Many are the afflictions of the righteous; but the
LORD delivereth him out of them all."
Psalms 34:19
- [Nufw-users] Radius authentication, Johann Spies, 2008/06/13
- Re: [Nufw-users] Radius authentication, Eric Leblond, 2008/06/13
- Re: [Nufw-users] Radius authentication,
Johann Spies <=
- Re: [Nufw-users] Radius authentication, Eric Leblond, 2008/06/17
- Re: [Nufw-users] Radius authentication, Johann Spies, 2008/06/17
- Re: [Nufw-users] Radius authentication, Johann Spies, 2008/06/18
- Re: [Nufw-users] Radius authentication, Eric Leblond, 2008/06/18
- Re: [Nufw-users] Radius authentication, Johann Spies, 2008/06/18