FreeRADIUS + Active Directory + PAM
Alan DeKok
aland at deployingradius.com
Fri Jun 1 15:49:34 CEST 2012
Jonathan van der Wat wrote:
> Alan,
>
> I've been searching the lists for most of the day but haven't been able
> to come right. What I've noticed recently is that if I add the user on
> the test box with no password, and then try to sign on via ssh I see the
> following in the radiusd debug output:
>
> User-Password = "/*mypassword*/"
That's how PAM works. You need to have users in /etc/passwd for UID,
GID, etc. PAM does password checking *only*.
> However, the user is still not authenticated via the FreeRADIUS server.
Well... go read the debug output to see why.
> If I explicitly go and add that user to the */etc/raddb/users* file,
> then authentication works via PAP. How do I tell FreeRADIUS to use
> MS-CHAP for all users?
You don't. The authentication method (PAP, CHAP, MS-CHAP) is chosen
by the client. In this case, the pam_radius_auth module.
And the "active directory" pages on my web site tell you how to
authenticate to AD using PAP. This is documented.
Alan DeKok.
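
The point about the client choosing the method, as an added example that is not part of the original message or of FreeRADIUS: a RADIUS server learns the method from which attribute the Access-Request carries, and a PAP User-Password (RFC 2865 section 5.2) is reversible with the shared secret, which is why it is readable in debug output. Attribute numbers are from RFC 2865 and RFC 2548; the secret, authenticator, user name and function names are constructed for illustration.

```python
import hashlib
import struct

MS_VENDOR = struct.pack("!I", 311)  # Microsoft vendor id (RFC 2548)

def pap_transform(data, secret, authenticator, decode=False):
    """RFC 2865 section 5.2 User-Password hiding; decode=True reverses it."""
    data = data + b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = bytes(x ^ y for x, y in zip(data[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = data[i:i + 16] if decode else block  # chain on the ciphertext block
        out += block
    return out.rstrip(b"\x00") if decode else out

def build_access_request(attrs, authenticator, ident=1):
    """Encode (type, value) pairs into an Access-Request (code 1)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return [(type, value)] from an Access-Request, rejecting bad lengths."""
    if len(packet) < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = [], 20
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 2 <= len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def auth_method(packet):
    """Name the method the client chose, from the attribute it sent."""
    simple = {2: "PAP", 3: "CHAP"}  # User-Password, CHAP-Password
    for t, v in parse_attributes(packet):
        if t in simple:
            return simple[t]
        # Vendor-Specific: MS-CHAP-Response (1) or MS-CHAP2-Response (25)
        if t == 26 and len(v) >= 6 and v[:4] == MS_VENDOR and v[4] in (1, 25):
            return "MS-CHAP"
    return "unknown"

def demo():
    """Constructed sample: secret, authenticator and user name are made up."""
    secret, ra = b"testing123", bytes(range(16))
    pap = build_access_request([(1, b"testuser"), (2, pap_transform(b"mypassword", secret, ra))], ra)
    hidden = dict(parse_attributes(pap))[2]
    return auth_method(pap), pap_transform(hidden, secret, ra, decode=True)
```

Calling `demo()` returns the detected method and the password the server recovers from the constructed PAP request.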