Righteo,

        I've been fooling around with my CD only firewall for the past few days
and everything is working sweet except for the modem dial-in.

        To ensure greater security of the firewall and internal network I
decided against the use of NIS for password information that PAM would use to
authenticate users who wanted to dial in.

        Following the advice of the folks on #slug I went ahead with the Radius
idea.

        PPP talks to PAM which talks to an internal radius server.

        The Radius server is working fine, users authenticate properly.

        The trouble seems to be between PPP and PAM. PAM authenticates with
the Radius server and gets the green light but then for some reason asks
pam_unix.so as well for login info.

        Of course, since there is no user account data on the firewall this
fails and the PPP connection is dropped.

        Hopefully someone has been in this situation before and can help me out.

        I've attached a copy of the /etc/pam.d/ppp config to this e-mail to show
what the PAM setup is like for PPP.

        The /etc/ppp/pap-secrets file is the standard one that comes with Debian
with the "alpha" server changed to what the firewall is actually called.

        Apart from that problemo, the CD firewall works as it was planned to.

                Pete de Zwart.

-- 
And remember, may the source be with you, always...
#%PAM-1.0

# $Id: ppp,v 1.4 2002/04/25 13:37:19 dezwart Exp $

# Information for the PPPD process with the 'login' option.
auth    required        pam_nologin.so
auth    sufficient      pam_radius_auth.so
auth    required        pam_unix_auth.so
account required        pam_unix_acct.so
session required        pam_unix_session.so
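
The following is an added example, not part of the original e-mail or its attachment: a simplified Python model of how PAM control flags are evaluated over the five lines of the config above. It assumes pppd with the 'login' option runs the auth, account and session stacks in turn, that pam_nologin passes, and that every pam_unix_* module fails because the firewall holds no local account data; parse, run_stack and dial_in are names made up for the example.

```python
# Added example: a simplified model of PAM control flags, not pppd or Linux-PAM code.
# Service file lines copied from the /etc/pam.d/ppp attachment above.
PPP_PAM_CONFIG = """\
auth    required        pam_nologin.so
auth    sufficient      pam_radius_auth.so
auth    required        pam_unix_auth.so
account required        pam_unix_acct.so
session required        pam_unix_session.so
"""


def parse(config):
    """Group pam.d-style lines into {stack: [(control, module), ...]}."""
    stacks = {}
    for line in config.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            kind, control, module = line.split()[:3]
            stacks.setdefault(kind, []).append((control, module))
    return stacks


def run_stack(entries, module_ok):
    """Evaluate one stack; return (succeeded, modules consulted in order)."""
    consulted, failed, passed = [], False, False
    for control, module in entries:
        ok = module_ok(module)
        consulted.append(module)
        if control == "sufficient":
            if ok and not failed:
                return True, consulted  # short-circuits this stack only
        elif control in ("required", "requisite"):
            passed = passed or ok
            failed = failed or not ok
            if control == "requisite" and not ok:
                return False, consulted
        # "optional" results are ignored in this simplified model
    return passed and not failed, consulted


def dial_in(radius_ok=True):
    """Constructed scenario: no local accounts, so every pam_unix_* call fails."""
    def module_ok(module):
        if module.startswith("pam_unix"):
            return False
        return radius_ok if module == "pam_radius_auth.so" else True  # nologin assumed to pass
    return {k: run_stack(v, module_ok) for k, v in parse(PPP_PAM_CONFIG).items()}


if __name__ == "__main__":
    for kind, (ok, consulted) in dial_in().items():
        print(f"{kind:8} {'pass' if ok else 'FAIL'}  consulted: {', '.join(consulted)}")
```

Under these assumptions the auth stack passes without reaching pam_unix_auth.so, while the account and session stacks each consult a pam_unix module and fail.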
