Monthly Archives: December 2012

Washington D.C.

Happy new year everyone. I will be in Washington D.C. in January. I will have my laptop with me, and the 800 number should reach my cell phone if there are any issues. I expect to be back in Canada at the end of January, but definitely no later than the end of February. Again, happy new year, and do call me if you are in Washington; we’ll have dinner!

Happy Holidays,

Dan.

Merry Christmas and Happy New Year

I tend to listen to a lot of music while doing anything during the day. My tastes differ so much depending on the time of day and how I am feeling that I listen to songs from almost every country, language, and genre. Here are my Christmas lyrics to you this year, compliments of Rod Stewart with slight modifications:

May the good Lord be with you
Down every road that you roam
And may sunshine and happiness
Surround you when you’re far from home
And may you grow to be proud, dignified and true
And do unto others as you’d have done to you

Be courageous and be brave
And in my heart you’ll always stay
Forever young.

May good fortune be with you
May your guiding light be strong
And may you never love in vain
And in my heart you will remain
Forever young….

Merry Christmas and Happy New Year,

Dan.

Authenticating users with FreeRADIUS on CentOS

You may want to authenticate users with RADIUS at some point: perhaps your backend stores all your users there, or perhaps you do not want to log in to many boxes to change the password for the same user. I will describe here how to authenticate users with almost any service.

First set up the EPEL repository, depending on whether you're running 64-bit or not:
#64 Bit

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

#32 Bit

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm

Install it and configure it:

yum install pam_radius
alias pico='nano -w'
pico /etc/pam_radius.conf

Set up your RADIUS details here:
#server[:port] shared_secret timeout (s)
127.0.0.1 your_radius_secret_password 3

Add radius authentication to SSH

cd /etc/pam.d
pico sshd

#now, for any service whose users you want to authenticate, add the following line as the second line of that service's file
auth sufficient pam_radius_auth.so debug

Open any service file in /etc/pam.d, add that line, and the service is authenticating off RADIUS.
IMPORTANT NOTE: Do NOT think you can just add users to RADIUS and log in; you must actually create the user on the system first! This is not LDAP. We are simply providing another place to store passwords for users, nothing more. You can lock out the account on the system and still log in with the user's RADIUS password.

Adding a user is as simple as: adduser username
Deleting a user is just as simple: userdel -r username

Verify everything is ok:

ssh -l radius_user localhost 
exit
tail -100 /var/log/secure

Hopefully you see something like the following:
pam_radius_auth: Got RADIUS response code 2

Exactly what we want: response code 2 from RADIUS is Access-Accept, so we typed in the right password and should have been logged in.

Try some other services, pop open dovecot for instance:

pico /etc/pam.d/dovecot   #add the same line
telnet localhost 110
user radius_user
pass radius_pass
retr 1

You can do this for all your services.
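To review the result once several services are set up, the following added example (not from the original post) lists which files in a pam.d directory carry an active pam_radius_auth.so auth line and counts the RADIUS response codes found in the auth log. The function names and the sample files are constructed for illustration, and it assumes a simple control keyword such as sufficient.

```shell
#!/bin/sh
# List active (uncommented) auth lines that load pam_radius_auth.so.
# Prints service:line-number:control-flag:debug=yes|no for each hit.
# Assumes a simple control keyword (e.g. sufficient), as in the post.
radius_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v svc="${f##*/}" '
            /^[ \t]*#/ { next }
            $1 == "auth" && $3 ~ /pam_radius_auth\.so$/ {
                dbg = "no"
                for (i = 4; i <= NF; i++) if ($i == "debug") dbg = "yes"
                print svc ":" NR ":" $2 ":debug=" dbg
            }' "$f"
    done
}

# Count "Got RADIUS response code N" log lines per code, naming the codes
# defined in RFC 2865: 2 Access-Accept, 3 Access-Reject, 11 Access-Challenge.
radius_codes() {
    sed -n 's/.*pam_radius_auth: Got RADIUS response code \([0-9][0-9]*\).*/\1/p' "$1" |
    sort -n | uniq -c |
    awk '{ n = "other"
           if ($2 == 2)  n = "Access-Accept"
           if ($2 == 3)  n = "Access-Reject"
           if ($2 == 11) n = "Access-Challenge"
           print $2, n, $1 }'      # code, name, count
}

# Constructed sample data so the example runs offline.
demo=$(mktemp -d)
mkdir "$demo/pam.d"
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_radius_auth.so debug' \
    'auth include password-auth' > "$demo/pam.d/sshd"
printf '%s\n' '#%PAM-1.0' '#auth sufficient pam_radius_auth.so' \
    'auth include password-auth' > "$demo/pam.d/dovecot"
printf '%s\n' \
    'Dec 28 10:01:02 box sshd[411]: pam_radius_auth: Got RADIUS response code 2' \
    'Dec 28 10:03:40 box sshd[415]: pam_radius_auth: Got RADIUS response code 3' \
    'Dec 28 10:05:11 box sshd[420]: pam_radius_auth: Got RADIUS response code 2' \
    > "$demo/secure"

radius_services "$demo/pam.d"   # sshd:2:sufficient:debug=yes
radius_codes "$demo/secure"     # 2 Access-Accept 2 / 3 Access-Reject 1
```

On a real host, point the functions at /etc/pam.d and /var/log/secure instead of the sample directory.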

Until Next Time,

SunSaturn.com