2007/9/19, tnt@kalik.co.yu <tnt@kalik.co.yu>:
Groups are a part of authorization so there is no conflict with any authentication method. You can use ldap (Ldap-Group), sql(Sql-Group), unix (Group) ...
Ivan Kalik Kalik Informatika ISP
Dana 19/9/2007, "Diego Woitasen" <diegows@gmail.com> piše:
2007/9/19, Alan DeKok <aland@deployingradius.com>:
Diego Woitasen wrote:
That entry/configuration.... I read the FAQ and I can't see nothing interesting. The question is, radius uses nsswitch to check group membership using PAM authenticacion?
Q: Hi I tried to do stuff, but it didn't work. Why? A: WTF?
It's difficult to help you if you don't say what you expected to happen, AND what actually happened.
It's frustrating to have people post configurations and ask "why doesn't this work?" The documentation and FAQ cover how to ask questions on the list, and what information we need to help you.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think the question is simple to give more detail. I rewrite the question:
Can I use PAM for authentication and LDAP for group checking? or PAM for authentication and group checking with nsswitch?
-- ------------------- Diego Woitasen ------------------- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ok. I have enabled LDAP in authorize and authentication section. If I set Ldap-Group == "xxx" in a users file entry radiusd only try with LDAP authentication, and not with PAM (I saw this with radiusd -f -X). With the following entry, radiusd try LDAP for authenticacion and authorization: DEFAULT Ldap-Group == "xnetadmin" Service-Type = Login-User, Cisco-AVPair = "shell:priv-lvl=15", Fall-Through = 0 With this, PAM authenticacion is working fine, but I haven't got LDAP authozation obviusly: DEFAULT Auth-type = PAM Service-Type = Login-User, Cisco-AVPair = "shell:priv-lvl=15", Fall-Through = 0 And finally, this doesn't work neither: DEFAULT Auth-type = PAM, Ldap-Group == "xnetadmin" Service-Type = Login-User, Cisco-AVPair = "shell:priv-lvl=15", Fall-Through = 0 I don't find where is the trick. The documentation doesn't say anything about this kind of configuration of I can't find it. regards, diegows -- ------------------- Diego Woitasen -------------------