
Is it possible to authenticate using RADIUS?

Posted: Sat Jan 21, 2006 6:05 pm
by ts2136
Is it possible to authenticate users via RADIUS, and if so, how would I go about it?

Posted: Mon Jan 23, 2006 4:03 am
by florian
Absolutely; Scalix Authentication is based on PAM and there are PAM modules available for Radius - these are usually part of your Linux distribution.

Various services use different PAM config files; all of these can be found in /var/opt/scalix/sys/pam.d

ual.remote - Authentication for Outlook, SWA and IMAP clients
ual.local - Authentication for various command line clients (such as omtidyu)
pop3 - Authentication for POP3 clients
omslapdeng - Authentication of LDAP server

All these should usually be modified in parallel.

As RADIUS is delivered by a non-Scalix PAM module, one further thing needs to be looked at; Scalix hands over the username in "Scalix format", i.e. as a full X.400 string, including the mailnode, etc., and a lot of control characters. To convert the username into the Authentication ID, the om_om2authid PAM module must be used. Further information can be found in the module's manpage, but in principle, the following should be done:

1. Put the Radius username in the Authentication ID field of the user
ommodu -o lastname --authid radius_user_name
(or use the Advanced tab of the User Management portion of SAC to do that)

2. Use the following - or similar - PAM configuration in ual.remote, etc.
auth required om_om2authid
auth required /lib/security/pam_radius.so

Hope this helps,
Florian.
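
An added check for the setup described in the post above (not part of the original post and not Scalix code): it confirms that each of the four service files has an auth line for om_om2authid before the pam_radius line, since PAM runs a stack top to bottom. The function names and status words are made up for this example; the directory, file names and module names are the ones given in the post.

```shell
#!/bin/sh
# Audit the Scalix PAM service files for the RADIUS auth stack order.
# PAM_DIR can be overridden to run against a copy of the configuration.
PAM_DIR="${PAM_DIR:-/var/opt/scalix/sys/pam.d}"
SERVICES="ual.remote ual.local pop3 omslapdeng"

# check_pam_file FILE: prints one status word; returns 0 only for "ok".
check_pam_file() {
    [ -r "$1" ] || { echo "missing"; return 2; }
    awk '
        /^[ \t]*#/ || NF < 3 { next }      # skip comments and short lines
        $1 != "auth"         { next }      # only the auth stack is relevant
        {
            n++
            i = 3                          # module is field 3 for simple controls
            if ($2 ~ /^\[/) {              # bracketed control: [success=1 ...]
                for (i = 2; i <= NF && $i !~ /\]$/; i++);
                i++
            }
            mod = $i
            sub(/.*\//, "", mod)           # drop a leading directory
            sub(/\.so$/, "", mod)          # drop the .so suffix
            if (mod == "om_om2authid" && !conv) conv = n
            if (mod == "pam_radius"   && !rad)  rad  = n
        }
        END {
            if (!rad)       { print "no-radius";     exit 1 }
            if (!conv)      { print "no-conversion"; exit 1 }
            if (conv > rad) { print "wrong-order";   exit 1 }
            print "ok"
        }' "$1"
}

# audit_scalix_pam: one line per service file; returns 1 if any is not "ok".
audit_scalix_pam() {
    rc=0
    for svc in $SERVICES; do
        status=$(check_pam_file "$PAM_DIR/$svc") || rc=1
        printf '%-12s %s\n' "$svc" "$status"
    done
    return $rc
}

if [ "${1:-}" = "--run" ]; then audit_scalix_pam; fi
```

A "no-conversion" or "wrong-order" result means pam_radius would be handed the raw X.400 string instead of the Authentication ID.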

Clarification of RADIUS configuration directives

Posted: Sun Jul 16, 2006 3:33 pm
by joel@open-unix.com
Could you please expand upon this a bit: I have followed your instructions to no avail. Additionally, there doesn't seem to be any good documentation on the authentication mechanisms and directives anywhere, could you offer a path to that as well?

Thanks!

Posted: Sun Jul 16, 2006 3:38 pm
by florian
What specifically are you looking for? Documentation on the pam_radius module or how this integrates into Scalix? What particular step is unclear to you?

thx,
Florian.

Posted: Sun Jul 16, 2006 3:41 pm
by florian
If you refer to the general directives in the PAM config file, btw., I believe you'll have to google on Linux PAM - I seem to remember that Red Hat hosts the project and will also provide the doc pages on this; except for the location of the config files, PAM is not Scalix-specific, but general Linux Admin Know-How, so we don't specifically document it, in particular not using authentication mechanisms such as Radius that we don't directly support; Scalix docs will have information on Kerberos and LDAP authentication.

Cheers,
Florian.