Justin, On Mon, Apr 08, 2002 at 04:34:39PM -0400, Alan DeKok wrote: > "McNutt, Justin M." <[EMAIL PROTECTED]> wrote: > > So my original question, slightly reworded, is "If PAM is able to > > authenticate me correctly, which it does, why does FreeRADIUS still > > return a reject unless there is a local account?" This would seem to be > > a function of what FreeRADIUS requests of PAM.
> I'm not sure why. As I said before, the PAM code in FreeRADIUS is > copied pretty much verbatim from the Cistron source. And the > 'username/password' authentication part of PAM is pretty hard to get > wrong. > I would suggest looking at the PAM logs, to see why it decides to > not authenticate the user. PAM itself doesn't care about local vs. non-local accounts. If you're having trouble with this, you almost certainly have a module in your PAM config which you shouldn't -- such as pam_unix, which by definition requires local accounts and will give you a failure for anything else. Someone on the list may be able to pinpoint the exact trouble if you dump us your PAM config for freeradius. Steve Langasek postmodern programmer
msg04756/pgp00000.pgp
Description: PGP signature
