On Jul 26, 2015, at 5:38 AM, Josh Miller <jmills5901@gmail.com> wrote:
I didn't understand what the accounting grantor meant, and why it mattered since Authentication was successful.
And instead of trying to figure it out, you blamed FreeRADIUS, and the FreeRADIUS developers. That's an asshole thing to do.
Furthermore, I was under the impression that because was only using a 1 line item "auth required pam_winbind.so" in /etc/pam.d/radiusd then account being ignored.
Yeah... and you apparently didn't read, or try to understand the debug logs you posted to the list. There's a sample "radiusd-pam" file distributed with the server. Instead of taking that and adding "winbind", you created your own file... and broke the server. And then blamed us.
Apparently, there is an implicit deny associated with the accounting feature, and you must explicitly tell it to permit in the code. Simply omitting the account line does not mean that FreeRadius will ignore that data.
This is all documented by the PAM people. It helps to understand the systems you're using. Alan DeKok.