On Nov 30, 2015, at 2:10 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
A radius 2.2.9 server authenticates Linux users via the pam module. Is it possible for Radius to not only very password, but also provide the users with their Linux permissions - their group memberships and other such things? If so, how to configure this?
No. PAM does not support that. Therefore the RADIUS PAM module cannot support that.
Other traditional ways of doing this, such as ldap or NIS, work by interacting with PAM or nsswitch, and can be cached in nscd. But I'm not seeing a way to integrate radius into this. Different sources online mention that radius can pass group membership back to the client but they don't explain how to configure it.
Ask the PAM people. It's impossible. Alan DeKok.