I have had a single instance working (Ubuntu 14.04, RADIUS w/ privacyIDEA),
but now I am trying to separate the RADIUS server from the privacyIDEA
server.
Both machines are Ubuntu 14.04.
RADIUS server:
apt-get install build-essential libpam0g-dev freeradius libqrencode3
nano /etc/freeradius/users
DEFAULT Auth-Type := PAM
nano /etc/freeradius/sites-enabled/default
uncomment PAM
nano /etc/pam.d/sshd
comment out @include common-auth, added @include otp-auth
cp /etc/pam.d/common-auth /etc/pam.d/otp-auth
nano /etc/pam.d/otp-auth:
auth [success=3 default=ignore] pam_radius_auth.so
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_ecryptfs.so unwrap
auth optional pam_cap.so
On the privacyIDEA server:
followed install steps
logged in as admin
connected to LDAP
modified RADIUS config (in UI) to server above.
But when attempting to log in with a user, it fails. I feel that I missed
something simple.
Looking for some assistance or steps that are more updated than those I
have found online.
Thank you
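
Added example, not part of the original post: a minimal Python model of how PAM walks the auth lines of the otp-auth file quoted above, enumerating which module outcomes end in success. It models only the controls that appear in that file (`[success=N default=ignore]`, `requisite`, `required`, `optional`); the function names are hypothetical and the stack text is a constructed copy of the posted lines.

```python
# Added example: minimal model of PAM auth-stack control flow (not PAM itself).
# Covers only the controls used in the posted otp-auth file.
import re
from itertools import product

# The auth lines as posted (constructed copy, comments dropped).
OTP_AUTH = """\
auth [success=3 default=ignore] pam_radius_auth.so
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ecryptfs.so unwrap
auth optional pam_cap.so
"""

def parse(text):
    """Return [(control, module)] for each auth line."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            stack.append((m.group(1), m.group(2)))
    return stack

def evaluate(stack, outcome):
    """outcome maps module name -> True (success) / False (failure)."""
    fixed = {"pam_deny.so": False, "pam_permit.so": True}
    result, i = None, 0          # result None = no verdict recorded yet
    while i < len(stack):
        control, module = stack[i]
        ok = fixed.get(module, outcome.get(module, False))
        i += 1
        jump = re.match(r"\[success=(\d+) default=ignore\]", control)
        if jump:
            if ok:
                i += int(jump.group(1))   # skip the next N modules
        elif control == "requisite":
            if not ok:
                return False               # fail immediately
            result = True if result is None else result
        elif control == "required":
            result = ok if result is None else (result and ok)
        # "optional" lines are not allowed to change the verdict in this model
    return bool(result)

def accepted_combinations():
    """Map (radius, unix, winbind) outcomes to the stack's verdict."""
    mods = ["pam_radius_auth.so", "pam_unix.so", "pam_winbind.so"]
    stack = parse(OTP_AUTH)
    return {combo: evaluate(stack, dict(zip(mods, combo)))
            for combo in product([True, False], repeat=3)}
```

With the stack as posted, a success from any one of pam_radius_auth, pam_unix or pam_winbind jumps past pam_deny, so the RADIUS check is one of three alternatives rather than a mandatory step.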