On 27/08/09 13:44, Schvberle Daniel wrote:
Hi,
I'm using OpenBSD 4.5-stable, and I'm trying to configure RADIUS
authentication. What I want is for the system to try the
RADIUS server,
and if it fails, fall back to the local password file. In
login.conf I have
auth-defaults:auth=radius,passwd:radius-server=my.radius.server
If the RADIUS server isn't there for whatever reason, the
system doesn't
fallback to password file authentication. The same happens
if I specify
the methods the other way round: the RADIUS server is never
tried even
if the password-file-based login fails.
I need to make sure that I can always log in even if the
RADIUS server
has gone away. Is it possible to configure the system in this way?
Thanks
- Ian
Why not make a new login class for radius users and make yourself
"backup" users in default class? Normally you'd login with users from
the radius class and if that fails you'd use a user form the default class.
Of course, that way you'd have to use different login names for the
two classes.
That's a good workaround, thanks. Do you know if it's a bug that this
doesn't work, or is it just not implemented? I assumed from the
manpages that being able to specify more than one style implies that
there's some kind of fallback mechanism.
I just wanted to know whether it was worth filing a bug for this.
Thanks
- Ian
--
Ian Chard, Senior Unix and Network Gorilla | E: [email protected]
Systems and Electronic Resources Service | T: 80587 / (01865) 280587
Oxford University Library Services | F: (01865) 242287
