Re: pppd-pam + radiusd question
Does the contents of your /etc/pam.d/ppp file read:
#%PAM-1.0
# Information for the PPPD process with the 'login' option.
auth required pam_securetty.so
auth required pam_nologin.so
auth sufficient pam_radius_auth.so
auth required pam_unix_auth.so
account required pam_unix_acct.so
session required pam_unix_session.so
That setup works for me.
If I understand it, the passwd file should only be used in the above config if the radius server doesn't auth the user (we are still migrating).
Check the logs on your radius server as well...
One problem with this setup is the radius server's radwho script won't list any users on NAS's using pppd+pam+radius... (does anyone know why?)
Good luck,
Nathan
---------- Original Message ----------------------------------
From: "Alex V. Toropov" <alex@ct.spb.ru>
Date: Tue, 4 Apr 2000 18:13:06 +0400
>Hi, all
I'm trying to use dial-in ppp server with the folloing config:
mgetty monitors modem. On detecting AutoPPP fires pppd (with pam support)
pppd authorize user via radiusd throug pam_radius_auth.so get from
freeradius.org.
The problem is the following:
User authenticated only if he exists in /etc/passwd on machine, where
mgetty+pppd lives!
And his password in /etc/shadow doesn't matter. he just need to be a local
user.
Can anybody tell me why do I need to have this user?
AFAIK mgetty register a_ppp user, not user authenticating throu PAP.
Radiusd authentication succeded in any case (I'v seen success message from
pam_radius_auth
in /var/log/syslog) of user existance in local pwdb.
I have the following config for pam:
/etc/pam.d/ppp:
auth required pam_nologin.so
auth sufficient pam_radius_auth.so debug
session required pam_radius_auth.so
TIA Alex
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: