Figure 6-6: tac_plus output with debug information
Caution: When TACACS and RADIUS work and have been configured on
the same client device, be careful with the order of the configuration lines
in /etc/pam.d/sshd. The TACACS configuration line must be added always
in first place and after it, the RADIUS configuration line. This is because
when the RADIUS configuration is the first line, authentication of the first
password always goes to the RADIUS server and, if is the password of
TACACS, the authentication will fail. With TACACS configuration in first
line, the first password is verified with both TACACS and RADIUS.
6.4 RADIUS
RADIUS (Remote Authentication Dial In User Service) is a security protocol for AAA
(Authorization, authentication and accounting), which is used to provide centralized
authentication for users who want to gain access to the network.
This section will define the processes necessary to install and configure the RADIUS client
on up to two servers on the WR-Z16 device.
The steps to install and configure a RADIUS server on an Ubuntu machine are explained in
Appendix" TACACS+ and RADIUS server configuration" on page148.
6.4.1 RADIUS configuration files
The different existing configuration files to modify the operation of the protocol are:
radiusd.conf: Contains protocol configuration parameters.
users: Contains users and access passwords.
clients.conf: Contains the list of clients that are allowed to make requests to the
RADIUS server.
templates.conf: The goal is to have a common configuration located in this file and
list only the differences in the individual sections. This feature is more useful for sec-
tions such as "customers."
trigger.conf: Used to set triggers for snmptrap.
proxy.conf: RADIUS proxy and configuration directives.
policy.d: Configuration files for policies of acceptance, rejection, filter, etc. of
requests
6.4 RADIUS
CHAPTER 6 • WR-Z16 User Manual Rev. v3.4
89
To Next Page
Loading...