PAM authentication and groups
Diego Woitasen
diegows at gmail.com
Fri Sep 21 16:02:11 CEST 2007
2007/9/19, tnt at kalik.co.yu <tnt at kalik.co.yu>:
> Groups are a part of authorization so there is no conflict with any
> authentication method. You can use ldap (Ldap-Group), sql(Sql-Group),
> unix (Group) ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 19/9/2007, "Diego Woitasen" <diegows at gmail.com> wrote:
>
> >2007/9/19, Alan DeKok <aland at deployingradius.com>:
> >> Diego Woitasen wrote:
> >> > That entry/configuration.... I read the FAQ and I can't see anything
> >> > interesting. The question is, radius uses nsswitch to check group
> >> > membership using PAM authentication?
> >>
> >> Q: Hi I tried to do stuff, but it didn't work. Why?
> >> A: WTF?
> >>
> >> It's difficult to help you if you don't say what you expected to
> >> happen, AND what actually happened.
> >>
> >> It's frustrating to have people post configurations and ask "why
> >> doesn't this work?" The documentation and FAQ cover how to ask
> >> questions on the list, and what information we need to help you.
> >>
> >> Alan DeKok.
> >> -
> >> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >
> >I think the question is simple to give more detail. I rewrite the question:
> >
> >Can I use PAM for authentication and LDAP for group checking? or PAM
> >for authentication and group checking with nsswitch?
> >
> >
> >
> >
> >
> >--
> >-------------------
> >Diego Woitasen
> >-------------------
>
OK. I have enabled LDAP in the authorize and authentication sections. If I
set Ldap-Group == "xxx" in a users file entry, radiusd only tries
LDAP authentication, and not PAM (I saw this with radiusd -f -X).

With the following entry, radiusd tries LDAP for authentication and authorization:

DEFAULT Ldap-Group == "xnetadmin"
        Service-Type = Login-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Fall-Through = 0

With this, PAM authentication is working fine, but I haven't got LDAP
authorization, obviously:

DEFAULT Auth-type = PAM
        Service-Type = Login-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Fall-Through = 0

And finally, this doesn't work either:

DEFAULT Auth-type = PAM, Ldap-Group == "xnetadmin"
        Service-Type = Login-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Fall-Through = 0

I can't find where the trick is. The documentation doesn't say
anything about this kind of configuration, or I can't find it.

Regards,
diegows
--
-------------------
Diego Woitasen
-------------------