J. C. Desai wrote:

> I am looking for a Linux client side HOW-TO for radius authentication
> without requiring presence of the login id on client side locally.

Please no HTML to the list.

I already tried to implement a similar setup but never found all the
pieces of the puzzle.

> 5) The problem I am facing is that the login id has also to be defined
> locally on client Linux machines --- otherwise, for example, the su command
> fails indicating that the id does not exist (if I create the login id on
> client locally, then it queries freeRadius server)

Indeed, the missing piece is the libnss-radius. I think you'll have to
write your own. I've already looked at it and it's not very hard to do.

My tests indicate that you need to implement only 2 functions to get login,
xdm, ssh, etc. working on the client machines.

enum nss_status _nss_radius_getpwnam_r(const char *name, struct passwd *result,
        char *buffer, size_t buflen, int *errnop);
enum nss_status _nss_radius_getpwuid_r(uid_t uid, struct passwd *result,
        char *buffer, size_t buflen, int *errnop);

More info in the glibc manual:
http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html

-- 
Nicolas Baradakis
