On Thu July 10 2003 20:31, Alan DeKok wrote: > [EMAIL PROTECTED] wrote: > > My company has just setup a radius server and we would like to move our > > Internet authentication to the radius server. I have been reading the > > steps on setting up mod_radius_auth so that squid can use the radius > > server. However, I have not seen any mention of where to specify the > > group to authenticate against. > > mod_auth_radius doesn't do groups. > > > We would like to place all our inet users into a single group and > > have squid authenticate against radius and only allow authenticated > > group members out. > > How is this different from allowing only authenticated users? > > Why does Apache need to know the group of the user? > > The whole point of using RADIUS authentication is to let the RADIUS > server make the decision as to whether or not the user is > authenticated.
Chris You are going about this a little wrong. Squid can authenticate against a number of backend modules including pam, static passwd file and smb PAM (The Linux central authentication system) can itself authenticate against a huge number of backends including radius and ldap. Radius is a authentication and accounting server which can authenticate against a huge list of backends including ldap and PAM. See where I am going with this? If you want to authenticate squid against radius you could write a simple squid external auth module (If one doesn't exist) and skip pam entirely. Don't let me talk you out of using radius, but radius may or may not be the correct (or easiest solution) if you only want squid auth. Then again it may. What are you planning on gaining from using radius in this setup? Will you use ldap or mysql as a backend? If ldap, you may be better of configuring Squids pam to talk directly to ldap. Tell us a little more about what you are trying to acomplish :-) -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
