On Wed, 2006-22-03 at 15:15 +0100, Hans-Peter Fuchs wrote: > I use freeradius 1.0.5 > > for a special NAS I want to use 2 user databases. > > requests from nas-special should first verified per sql > If and only if sql does not verify the user try pam. > > In users I have: > ##### new > DEFAULT NAS-IP-Address == special, Autz-Type := SQL > Idle-Timeout = 3600, > Session-Timeout= 7200, > Fall-Through = yes > #### end new > #### begin old config: works
> DEFAULT Auth-Type = Pam Have you tried : DEFAULT NAS-IP-Address != special, Auth-Type = Pam ... > Service-Type = Framed-User, > Nomadix-Bw-Up = 128, > Fall-Through = yes > ### end old config > ### begin new config > # pam-authentified users from ssg get Ainternet-attribute > DEFAULT NAS-IP-Address == special > Service-Type = Framed-User, > Idle-Timeout = 3600, > Session-Timeout= 7200, > Cisco-Account-Info += "KW0", > Fall-Through = yes > ### end new config > > But with this users who are verified by sql are also checked against > pam. Do you have some tips? > > Output from radiusd -X: > > rlm_sql (sql): Released sql socket id: 3 > modcall[authorize]: module "sql" returns ok for request 0 > modcall: group Autz-Type returns ok for request 0 > rad_check_password: Found Auth-Type Pam > auth: type "PAM" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 0 > pam_pass: using pamauth string <radius> for pam.conf lookup > pam_pass: function pam_authenticate FAILED for <test>. Reason: Permission > denied > modcall[authenticate]: module "pam" returns reject for request 0 > modcall: group authenticate returns reject for request 0 > auth: Failed to validate the user. > > > Grüße > > Hans-Peter Fuchs > > > Hans-Peter Fuchs - RZKR, Zimmer 20 > Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK > Universität zu Köln - Tel: 0221-470-6972 > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html