Hello everyone,
I've just installed a fresh FreeBSD 8.2 to do a lab about SSH authentication using FreeRadius.
What I did: typed at top of /usr/local/etc/raddb/users the following:
Code:
airton Cleartext-Password := "senhaairton"
This is my /usr/local/etc/raddb/clients.conf:
Code:
client localhost {
ipaddr = 127.0.0.1
secret = senhaairton
nastype = other
}
This is my /etc/radius.conf:
Code:
auth 127.0.0.1 secret 1
This is my /etc/pam.d/sshd:
Code:
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_nologin.so
# INCLUDED BY ME
#
auth sufficient pam_radius.so
#
#
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
Okay, so I open another terminal and in one I run
# radiusd -X
Code:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
So with another terminal I run
ssh airton@127.0.0.1
Code:
Password: I'm not typing nothing here, just press ENTER
RADIUS Password: and show this login prompt, here I type senhairton
The radiusd -X results:
Code:
rad_recv: Access-Request packet from host 127.0.0.1 port 37598, id=156, length=74
User-Name = "airton"
User-Password = "senhaairton"
NAS-Identifier = "radius.plafit.com.br"
Service-Type = Authenticate-Only
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "airton", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry airton at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "senhaairton"
[pap] Using clear text password "senhaairton"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 156 to 127.0.0.1 port 37598
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 156 with timestamp +313
Ready to process requests.
Why can't I get a shell if the
Code:
[pap] User authenticated successfully
says this?
Can anyone here help me?
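
Added example (not part of the original post): a simplified model of the control-flag rules in pam.conf(5), run over the active auth lines of the /etc/pam.d/sshd shown above. The per-module outcomes in `ASSUMED` and the `radius_first` reordering are assumptions chosen for illustration.

```python
# Simplified model of PAM control flags as described in pam.conf(5).
# Constructed sample: the active lines from the posted /etc/pam.d/sshd.
SSHD_PAM = """\
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn try_first_pass
account required pam_nologin.so
auth sufficient pam_radius.so
"""

# Assumed outcomes (not from the post): no OPIE setup for the user, and an
# empty answer to the first "Password:" prompt is rejected by pam_unix.
ASSUMED = {"pam_opie.so": False, "pam_opieaccess.so": True,
           "pam_unix.so": False, "pam_radius.so": True}

def parse_chain(text, facility="auth"):
    """Return [(control, module)] for one facility, in file order."""
    chain = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == facility:
            chain.append((fields[1], fields[2]))
    return chain

def evaluate(chain, outcomes):
    """Return (granted, modules_run) for a chain and per-module outcomes."""
    failed, ran = False, []
    for control, module in chain:
        ran.append(module)
        if outcomes[module]:
            # sufficient/binding success ends the chain only if no
            # required module has failed earlier.
            if control in ("sufficient", "binding") and not failed:
                break
        elif control in ("required", "binding"):
            failed = True          # chain continues but cannot succeed
        elif control == "requisite":
            failed = True
            break
    return (not failed), ran

def radius_first(chain):
    """Hypothetical reordering: pam_radius.so moved to the top."""
    radius = [c for c in chain if c[1] == "pam_radius.so"]
    return radius + [c for c in chain if c[1] != "pam_radius.so"]

if __name__ == "__main__":
    posted = parse_chain(SSHD_PAM)
    print("posted order:", evaluate(posted, ASSUMED))
    print("radius first:", evaluate(radius_first(posted), ASSUMED))
```

Under these assumed outcomes the posted order runs every auth module and still denies the login, because the `required` failure recorded before `pam_radius.so` is reached cannot be undone by a later `sufficient` success.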