On Aug 27, 2021, at 2:36 PM, Jonathan Davis <jonathan@prioritycolo.com> wrote:
That's right, I was looking at it from different perspective (being ignorant of Attribute-Names and update <lists>. I saw the following in mods-enabled/pam
pam { pam_auth = radiusd }
Yeah, the module configurations are substantially different from the attributes.
What's the reason behind it being updated in the authorize section? My novice understanding is that authorize is where FreeRadius checks modules to see which one is up to trying to authenticate the request?
The "authorize" phase is really "set things up for authentication". So get passwords, set databases to use for authentication, etc. i.e. you have to know which PAM auth string to use for authentication. So... the PAM auth string has to be set *before* the "authenticate" section is run.
I've also got some other questions related to breaking down users vs clients vs virtual_servers, with all this in place, but that's possibly best started in a new thread with all the details included.
Sure. See also raddb/sites-available/README, there's a ton of documentation on this subject.
Thank you again for your assistance.
You're welcome. It's what I do. :) Alan DeKok.