Re: [Nufw-users] Radius authentication


From: Johann Spies
Subject: Re: [Nufw-users] Radius authentication
Date: Tue, 17 Jun 2008 10:59:50 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Jun 13, 2008 at 04:43:19PM +0200, Eric Leblond wrote:

> libpam-nufw is a transparent NuFW client for Unixes.
> 
> To authenticate against radius, you need to configure nuauth to use the
> "system" authentication module. Once it is done, you will have to
> configure PAM to authenticate against radius:
>  * nuauth and PAM configuration: 
> http://www.nufw.org/docs/howto22/x668.html#AEN670
>  * Howto PAM radius: 
> http://www.wikidsystems.com/documentation/howtos/pamradius

Thanks for your reply.  I made some progress with the help of these
two links as well as some others.

What I have done so far (This is a Debian Stable server):

* installed libpam-radius-auth
* compiled and installed nufw 2.2.15 from Debian Testing
* Have the following in 
  - /etc/nufw/nuauth.conf
    nuauth_user_check_module="system"
    nuauth_acl_check_module="plaintext" 

    I don't understand what the second of these two lines is doing.

  - /etc/pam_radius_auth.conf
    <server>      <secret>    4

  - /etc/pam.d/common_auth
    auth    sufficient     /lib/security/pam_radius_auth.so
    auth    required        pam_unix.so nullok_secure

Now my questions and problems:

1. Is it necessary to configure nsswitch.conf?  Why or why not?
2. The following happens:
   $ sudo nuauth -vvvvvvvv
   ** Message: [7] debug_level is 8
   ** Message: [+] Starting nuauth 2.2.15 ($Revision: 4601 $) with config /etc/nufw//nuauth.conf

   ** ERROR **: Unable to load module nuprelude in /usr/lib/nuauth/modules
   aborting...
   Aborted

> > Maybe I must ask the question here:  Am I on the right track trying
> > out NuFW or should I look further?
> 
> It seems ok but you may give us more details.

What type of details do you need?

Here are a few:

* At the moment we have FW-1 on two firewall servers and a management
  server clustered by Rainwall.
* Users authenticate against the firewall from a radius server when
  they want to use the internet. They pay for the bandwidth they use.
* Some users use a pay-as-you-go method of payment and we should be
  able to monitor their usage in real time.  
* We need both IP-address and username to do proper accounting.

Regards
Johann
-- 
Johann Spies          Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

     "Many are the afflictions of the righteous; but the
      LORD delivereth him out of them all."       
                                   Psalms 34:19
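
How the two `auth` lines posted in the message combine, as an added example that is not part of the original post and is not NuFW or Linux-PAM code: a simplified Python model of PAM's keyword controls (`sufficient`, `required`, `requisite`), with the per-module outcomes supplied as constructed inputs. The function names are hypothetical, and the `[value=action]` control syntax is assumed not to be in use.

```python
# Added example: simplified model of PAM keyword controls for an "auth" stack.
# The [value=action] control syntax and "include" lines are not modelled.

# The two auth lines as posted in the message.
STACK = """\
auth    sufficient     /lib/security/pam_radius_auth.so
auth    required        pam_unix.so nullok_secure
"""

def parse_stack(text, mtype="auth"):
    """Return [(control, module_name, args)] for lines of the given type."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return entries

def evaluate(entries, results):
    """results maps module name -> True (success) or False (failure).
    Returns (authenticated, modules_consulted_in_order)."""
    required_failed = False
    any_success = False
    consulted = []
    for control, module, _args in entries:
        ok = results[module]
        consulted.append(module)
        if control == "sufficient":
            if ok and not required_failed:
                return True, consulted      # short-circuit: rest of stack skipped
            continue                        # a failed "sufficient" is ignored
        if control in ("required", "requisite"):
            if ok:
                any_success = True
            elif control == "requisite":
                return False, consulted     # fail immediately
            else:
                required_failed = True      # fail, but keep running the stack
        # "optional" results are ignored in this simplified model
    return any_success and not required_failed, consulted

if __name__ == "__main__":
    stack = parse_stack(STACK)
    # Constructed outcomes: what each module would return for one login attempt.
    for radius_ok, unix_ok in [(True, False), (False, True), (False, False)]:
        outcome = {"pam_radius_auth.so": radius_ok, "pam_unix.so": unix_ok}
        print(radius_ok, unix_ok, "->", evaluate(stack, outcome))
```

With this stack a RADIUS rejection does not end the attempt: `pam_unix.so` is still consulted, so a valid local account password on the host also authenticates.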



