Want to use 2 different authentication-methods

Guy Fraser guy at incentre.net
Wed Mar 22 21:12:53 CET 2006 

On Wed, 2006-22-03 at 15:15 +0100, Hans-Peter Fuchs wrote:
> I use freeradius 1.0.5
> 
> for a special NAS I want to use 2 user databases.
> 
> requests from nas-special should first verified per sql
> If and only if sql does not verify the user try pam.
> 
> In users I have:
> ##### new 
> DEFAULT         NAS-IP-Address == special, Autz-Type := SQL
>                 Idle-Timeout = 3600,
>                 Session-Timeout= 7200,
>                 Fall-Through = yes
> #### end new
> #### begin old config: works 


> DEFAULT         Auth-Type = Pam
Have you tried :
DEFAULT          NAS-IP-Address != special, Auth-Type = Pam
...

>                 Service-Type = Framed-User,
>                 Nomadix-Bw-Up = 128,
>                 Fall-Through = yes
> ### end old config
> ### begin new config
> #               pam-authentified users from ssg get Ainternet-attribute
> DEFAULT         NAS-IP-Address == special
>                 Service-Type = Framed-User,
>                 Idle-Timeout = 3600,
>                 Session-Timeout= 7200,
>                 Cisco-Account-Info += "KW0",
>                 Fall-Through = yes
> ### end new config
> 
> But with this users who are verified by sql are also checked against 
> pam. Do you have some tips?
> 
> Output from radiusd -X:
> 
> rlm_sql (sql): Released sql socket id: 3
>   modcall[authorize]: module "sql" returns ok for request 0
> modcall: group Autz-Type returns ok for request 0
>   rad_check_password:  Found Auth-Type Pam
> auth: type "PAM"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> pam_pass: using pamauth string <radius> for pam.conf lookup
> pam_pass: function pam_authenticate FAILED for <test>. Reason: Permission denied
>   modcall[authenticate]: module "pam" returns reject for request 0
> modcall: group authenticate returns reject for request 0
> auth: Failed to validate the user.
> 
> 
> Grüße
> 
> Hans-Peter Fuchs
> 
> 
> Hans-Peter Fuchs - RZKR, Zimmer 20
> Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK
> Universität zu Köln - Tel: 0221-470-6972
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list