pam_auth_radius

Marc Phillips rmarc at copacetic.net
Thu Feb 17 14:44:41 CET 2011


> ...you are quite right.  You should be able to use pam_skel (or whatever 
> it is called) to create accounts on the fly, but the groups you will 
> have to sync via other means.
> 
> Of course, if you are sync'ing groups, you might aswell sync user ids...

Groups are easier.  For an appliance, and really most unix boxes, at least
in my environments, the number of groups necessary is pretty small
and easily configured and managed (a setup once type of thing) whereas 
the number of users is very large and quite variable.

There's no need to sync groups, is my point; just to map an AD group to
a unix group (radius authorizes to AD and Authenticates via SecureID).

R. Marc



More information about the Freeradius-Users mailing list