pam_auth_radius

Alexander Clouter alex at digriz.org.uk
Thu Feb 17 10:56:46 CET 2011


Marc Phillips <rmarc at copacetic.net> wrote:
> 
> I've done a little looking and I see no group support for 
> pam_auth_radius.  One thought I had was to add some sort of auto 
> provision function to the pam module to add the user and associate 
> that user with a group via the supplied attribute from radius, then 
> remove the user on logout.
>
...you are quite right.  You should be able to use pam_skel (or whatever 
it is called) to create accounts on the fly, but the groups you will 
have to sync via other means.

Of course, if you are sync'ing groups, you might as well sync user ids...
 
> Any thoughts on this?  Is there some other method that would be more 
> appropriate?  I have use for this for other pseudo-appliances. I've 
> tried using LDAP for those, but the chatter with vendor supplied ldap 
> modules was unmanageable.
> 
LDAP is the only way I know, other than a number of shell scripts to 
push out and keep up to date the passwd/group files by hand.  Not 
impossible and something that many people do.

Cheers

-- 
Alexander Clouter
.sigmonster says: If ignorance is bliss, why aren't there more happy people?



