"McNutt, Justin M." <[EMAIL PROTECTED]> wrote: > 1) FreeRADIUS refuses to authenticate any user who does not have an = > account on the local workstation.
That's most likely the fault of PAM, if the user is trying to log into the box. PAM does username/password authentication, nothing else. > Testing with other services (httpd, sshd) shows that Kerberos and = > pam_krb5.so are working properly. Cistron RADIUS 1.6.4 did not have = > this problem. Hmmm.. the FreeRADIUS PAM code is pretty similar to the Cistron PAM code, so I don't know why there's any difference. > 2) There is some difference between the way FreeRADIUS 0.5 and Cistron = > RADIUS 1.6.4 respond when there is no user in the raddb/users file to = > match an authentication request (and there is no default). I don't think so. They both should reject the user. > With Cistron RADIUS, this works. No matter what user name is used, if I = > enter the locally-configured password for the switch I can gain access. = > However with FreeRADIUS 0.5, the BayStack says "Querying RADIUS = > server..." and waits forever. That is probably a different problem. Use 'tcpdump' to see what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
