Enable PAM on Radius
About this article
This is a consecutive article of Radius Install & Basic Configuration - Shammerism. This is a description how to use PAM on Radius authentication.
Enable PAM procedure
- At default, PAM authentication is disabled. Editing /etc/freeradius/site-enabled/default makes PAM authentication enabled. In detail, remove # from /etc/freeradius/site-enabled/default at the line of "pam".
- Add radius group by groupadd -g 51 radiusmember, group ID and name are just example.
- Create user who can login via Radius or modify exists user to join radiusmember with following commands.
- useradd -d $HomeDir -s /bin/bash -g staff -G radiusmember $UserName
- usermod -G radiusmember $UserName
- Add PAM authentication section to /etc/freeradius/users
DEFAULT Auth-Type = Pam Fall-Through = Yes DEFAULT Group == "radiusmember" Reply-Message = "Your account group is correct", Service-Type = NAS-Prompt-User, Fall-Through = No