Want to use 2 different authentication-methods
I use freeradius 1.0.5 for a special NAS I want to use 2 user databases. requests from nas-special should first verified per sql If and only if sql does not verify the user try pam. In users I have: ##### new DEFAULT NAS-IP-Address == special, Autz-Type := SQL Idle-Timeout = 3600, Session-Timeout= 7200, Fall-Through = yes #### end new #### begin old config: works DEFAULT Auth-Type = Pam Service-Type = Framed-User, Nomadix-Bw-Up = 128, Fall-Through = yes ### end old config ### begin new config # pam-authentified users from ssg get Ainternet-attribute DEFAULT NAS-IP-Address == special Service-Type = Framed-User, Idle-Timeout = 3600, Session-Timeout= 7200, Cisco-Account-Info += "KW0", Fall-Through = yes ### end new config But with this users who are verified by sql are also checked against pam. Do you have some tips? Output from radiusd -X: rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 0 modcall: group Autz-Type returns ok for request 0 rad_check_password: Found Auth-Type Pam auth: type "PAM" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 pam_pass: using pamauth string <radius> for pam.conf lookup pam_pass: function pam_authenticate FAILED for <test>. Reason: Permission denied modcall[authenticate]: module "pam" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. Grüße Hans-Peter Fuchs Hans-Peter Fuchs - RZKR, Zimmer 20 Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK Universität zu Köln - Tel: 0221-470-6972
On Wed, 2006-22-03 at 15:15 +0100, Hans-Peter Fuchs wrote:
I use freeradius 1.0.5
for a special NAS I want to use 2 user databases.
requests from nas-special should first verified per sql If and only if sql does not verify the user try pam.
In users I have: ##### new DEFAULT NAS-IP-Address == special, Autz-Type := SQL Idle-Timeout = 3600, Session-Timeout= 7200, Fall-Through = yes #### end new #### begin old config: works
DEFAULT Auth-Type = Pam Have you tried : DEFAULT NAS-IP-Address != special, Auth-Type = Pam ...
Service-Type = Framed-User, Nomadix-Bw-Up = 128, Fall-Through = yes ### end old config ### begin new config # pam-authentified users from ssg get Ainternet-attribute DEFAULT NAS-IP-Address == special Service-Type = Framed-User, Idle-Timeout = 3600, Session-Timeout= 7200, Cisco-Account-Info += "KW0", Fall-Through = yes ### end new config
But with this users who are verified by sql are also checked against pam. Do you have some tips?
Output from radiusd -X:
rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 0 modcall: group Autz-Type returns ok for request 0 rad_check_password: Found Auth-Type Pam auth: type "PAM" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 pam_pass: using pamauth string <radius> for pam.conf lookup pam_pass: function pam_authenticate FAILED for <test>. Reason: Permission denied modcall[authenticate]: module "pam" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user.
Grüße
Hans-Peter Fuchs
Hans-Peter Fuchs - RZKR, Zimmer 20 Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK Universität zu Köln - Tel: 0221-470-6972
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Guy Fraser -
Hans-Peter Fuchs