I configured --with-pam
but i dont think that did any good but i did get it working..
you need this in the radius.conf file and you need the other section in
the users file.
pam {
#
# The name to use for PAM authentication.
# PAM looks in /etc/pam.d/${pam_auth_name}
# for it's configuration.
#
# Note that any Pam-Auth attribute set in the 'users'
# file over-rides this one.
#
pam_auth = radiusd
}
In users file you need something like this:
DEFAULT Auth-Type := Pam
pam-auth="radius",
Fall-Through = Yes
On Sun, 29 Jun 2003, Mark van Kerkwyk wrote:
> Hi Sean, thanks for your reply. The bit I was looking for actually was the
> radiusd.conf file, which has the correct config for directing
> authorization to ldap and authentication to pam.
>
> I have just been doing some testing and i was wondering why it wasn't
> working, after an ldd and truss on the process (I am on solaris8), I
> noticed that the pam support isn't in here anyway and the truss showed it
> reading the shadow file.
>
> Am I missing something really obvious here, there isn't a pam option for
> configure that I can see, I hope I am not asking a dumb question here, but
> how do I build this with PAM support ? It looked like it was checking for
> pam .h files but i never saw any pam libs being linked in nor can I see
> pam_sm* functions in the code. Maybe I need a different build or a patch,
> I pulled down the current 0.81
>
> thanks
>
> Mark
>
>
>
>
> Sean <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 28/06/2003 23:26
> Please respond to
> [EMAIL PROTECTED]
>
>
> To
> [EMAIL PROTECTED]
> cc
>
> Subject
> Re: LDAP+PAM radiusd config
>
>
>
>
>
>
> You just want the pam piece? this needs to be radiusd, the auth-file(?)
> parameter piece is broken i think. or at least I didnt get it to work
> right..
> The first part (commented) works but it requires a local user, the second
> one works without a local user, and you will want to replace the
> pam_afs.so module with the pam_krb5.so module.
>
> [EMAIL PROTECTED] pam.d]# more radiusd
> #%PAM-1.0
> ###works but requires a local user
> #auth required /lib/security/pam_unix_auth.so shadow nullok
> #auth required /lib/security/pam_afs.so
> #auth required /lib/security/pam_nologin.so
> #account required /lib/security/pam_unix_acct.so
> #password required /lib/security/pam_cracklib.so
> #password required /lib/security/pam_unix_password.so shadow nullok
> use_aut
> htok
> #session required /lib/security/pam_unix_session.so
>
> ######
> auth required /lib/security/pam_mine.so
> auth required /lib/security/pam_afs.so
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_permit.so
> password required /lib/security/pam_permit.so
> password required /lib/security/pam_permit.so
> session required /lib/security/pam_permit.so
>
>
> On Sun, 29 Jun 2003, Mark van Kerkwyk wrote:
>
> > Hi, does anyone have a working radiusd.conf where both LDAP and PAM are
> > being used, LDAP for accounts/groups etc and PAM for auth to another
> > source.
> >
> > In my case case I will store all credentials in LDAP but send all auth
> via
> > pam_krb5 to our kerberos enrivonment. That way I have no passwords
> stored
> > or sent in the clear anywhere also.
> >
> > regards
> >
> > Mark
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
