radius wrote:
> We use RADIUS authentication on this OpenBSD server as a workaround,
> because for OpenBSD no pam-(ldap) is available. Here, all users, mail,
> ftp, yni are authenticated against OpenLDAP using various authentication
> methods (pam-ldap, pure ldap, courier-authlib with ldap, pure-ftpd with
> ldap, ...).

  I presume you're using the OpenBSD PAM RADIUS module?

> The RADIUS authentication works fine, as far as password checking is
> concerned. The following radius-daemon output shows the login of a user
> cvs into the system.
...
> Sending Access-Accept of id 154 to 127.0.0.1 port 27572
> Finished request 1

  The reply is empty.  So the user is allowed in, but with no configuration.

> BUT when this user is logged in, it has the following parameters:
> 
> [EMAIL PROTECTED] -> id
> uid=10001(cvs) gid=102(users) groups=102(users)
> [EMAIL PROTECTED] ->
> 
> All these id-parameters are from the local /etc/master.passwd file and
> not from the LDAP directory.

  Did you tell OpenBSD to look in the LDAP directory for that
configuration?  If not, did you tell FreeRADIUS to look in LDAP for that
configuration *and* return it in the Access-Accept?  And even if
FreeRADIUS returns that configuration in the Access-Accept, you have to
check that the OpenBSD PAM RADIUS module supports those attributes.

  See the OpenBSD PAM RADIUS documentation for how to configure it.

> Instead (when logging in to the user cvs on a different server) I get
> the following (correct) id-parameters:
> 
> [EMAIL PROTECTED] ~> id
> uid=1067(cvs) gid=100(users) groups=100(users),503(release2)
> [EMAIL PROTECTED] ~>

  So... look at the configuration for that system to see what it's doing.

> When I check the ldap-host log, I see that not even an attempt is made
> to request session parameters from the LDAP server.

  Yes... the FreeRADIUS debug log shows this, too.

> What do I need to change, and where?

  Look at the configuration for the working machine, and copy it to the
machine that doesn't work.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
