Shammer's Philosophy

My private adversaria

Enable PAM on Radius

Debian

About this article

This is a consecutive article of Radius Install & Basic Configuration - Shammerism. This is a description how to use PAM on Radius authentication.

Enable PAM procedure

  1. At default, PAM authentication is disabled. Editing /etc/freeradius/site-enabled/default makes PAM authentication enabled. In detail, remove # from /etc/freeradius/site-enabled/default at the line of "pam".
  2. Add radius group by groupadd -g 51 radiusmember, group ID and name are just example.
  3. Create user who can login via Radius or modify exists user to join radiusmember with following commands.
    • useradd -d $HomeDir -s /bin/bash -g staff -G radiusmember $UserName
    • usermod -G radiusmember $UserName
  4. Add PAM authentication section to /etc/freeradius/users
DEFAULT Auth-Type = Pam 
        Fall-Through = Yes 

DEFAULT Group == "radiusmember" 
        Reply-Message = "Your account group is correct", 
        Service-Type = NAS-Prompt-User, 
        Fall-Through = No