Re: LDAP+PAM radiusd config

Hi Sean, thanks for your reply. The bit I was looking for actually was the 
radiusd.conf file, which has the correct config for directing 
authorization to ldap and authentication to pam.

I have just been doing some testing and i was wondering why it wasn't 
working, after an ldd and truss on the process (I am on solaris8), I 
noticed that the pam support isn't in here anyway and the truss showed it 
reading the shadow file.

Am I missing something really obvious here, there isn't a pam option for 
configure that I can see, I hope I am not asking a dumb question here, but 
how do I build this with PAM support ? It looked like it was checking for 
pam .h files but i never saw any pam libs being linked in nor can I see 
pam_sm* functions in the code. Maybe I need a different build or a patch, 
I pulled down the current 0.81

thanks

Mark




Sean <picasso@xxxxxxxxxxxxx> 
Sent by: freeradius-users-admin@xxxxxxxxxxxxxxxx
28/06/2003 23:26
Please respond to
freeradius-users@xxxxxxxxxxxxxxxx


To
freeradius-users@xxxxxxxxxxxxxxxx
cc

Subject
Re: LDAP+PAM radiusd config






You just want the pam piece? this needs to be radiusd, the auth-file(?) 
parameter piece is broken i think. or at least I didnt get it to work 
right..
The first part (commented) works but it requires a local user, the second 
one works without a local user, and you will want to replace the 
pam_afs.so module with the pam_krb5.so module. 

[root@test-afs-1 pam.d]# more radiusd
#%PAM-1.0
###works but requires a local user
#auth       required    /lib/security/pam_unix_auth.so shadow nullok
#auth       required    /lib/security/pam_afs.so 
#auth       required    /lib/security/pam_nologin.so
#account    required    /lib/security/pam_unix_acct.so
#password   required    /lib/security/pam_cracklib.so
#password   required    /lib/security/pam_unix_password.so shadow nullok 
use_aut
htok
#session    required    /lib/security/pam_unix_session.so

######
auth    required        /lib/security/pam_mine.so
auth       required     /lib/security/pam_afs.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
session    required     /lib/security/pam_permit.so


On Sun, 29 Jun 2003, Mark van Kerkwyk wrote:

> Hi, does anyone have a working radiusd.conf where both LDAP and PAM are 
> being used, LDAP for accounts/groups etc and PAM for auth to another 
> source.
> 
> In my case case I will store all credentials in LDAP but send all auth 
via 
> pam_krb5 to our kerberos enrivonment. That way I have no passwords 
stored 
> or sent in the clear anywhere also.
> 
> regards
> 
> Mark
> 
> - 
> List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
> 


- 
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html