Markus Krause <krause@biochem.mpg.de> wrote:
i would like to authenticate users via pam and sql.
Huh? I don't know what that means. Usually if the user has a password, they have one password, which can be stored in one place. You don't need to use both PAM & SQL.
authenticate { pam }
That guarantees that CHAP & MS-CHAP won't work.
users known by pam get access-accept, but those in sql don't,
Because that's what you configured the server to do. The problem is that you forced ALL users to be authenticated via PAM, when it's not necessary.
what am i doing wrong here? do theses modules (rlm_pam and rlm_sql) exclude each other?
Only if you configure them that way.
how can i use them simultaneously i.e. in parallel?
Try this configuration. It should work. See doc/configurable_failover for details. authorize { preprocess chap group { sql { ok = return } files } shorttermaccount } authenticate { pam pap chap mschap } In summary, if you're not sure how to configure the server, DO NOT do massive edits to radiusd.conf. You'll almost definitely get it wrong. The default configuration is there for a reason: it works. Alan DeKok.