Does the contents of your /etc/pam.d/ppp file read: #%PAM-1.0 # Information for the PPPD process with the 'login' option. auth required pam_securetty.so auth required pam_nologin.so auth sufficient pam_radius_auth.so auth required pam_unix_auth.so account required pam_unix_acct.so session required pam_unix_session.so
That setup works for me. If I understand it, the passwd file should only be used in the above config if the radius server doesn't auth the user (we are still migrating). Check the logs on your radius server as well... One problem with this setup is the radius server's radwho script won't list any users on NAS's using pppd+pam+radius... (does anyone know why?) Good luck, Nathan ---------- Original Message ---------------------------------- From: "Alex V. Toropov" <[EMAIL PROTECTED]> Date: Tue, 4 Apr 2000 18:13:06 +0400 >Hi, all I'm trying to use dial-in ppp server with the folloing config: mgetty monitors modem. On detecting AutoPPP fires pppd (with pam support) pppd authorize user via radiusd throug pam_radius_auth.so get from freeradius.org. The problem is the following: User authenticated only if he exists in /etc/passwd on machine, where mgetty+pppd lives! And his password in /etc/shadow doesn't matter. he just need to be a local user. Can anybody tell me why do I need to have this user? AFAIK mgetty register a_ppp user, not user authenticating throu PAP. Radiusd authentication succeded in any case (I'v seen success message from pam_radius_auth in /var/log/syslog) of user existance in local pwdb. I have the following config for pam: /etc/pam.d/ppp: auth required pam_nologin.so auth sufficient pam_radius_auth.so debug session required pam_radius_auth.so TIA Alex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
