On Fri, May 24, 2002 at 10:37:57AM +0700, Mufti wrote: > Frank, > > One stupid question, from your explanation, we don't need to put the > users' password is the database/users file in order to authenticate, do > we? > The radius server will just simply passes the users' password (which is > entered by the user during login) to the authentication mechanism, is > that correct? > Sorry to be an annoyance.
Not an annoyance at all. You are correct, assuming your uesrs file is setup for PAM, something like: > > > > DEFAULT Auth-Type := Pam > > > > Service-Type = Shell-user, > > > > Fall-Through = YES > > > > > > > > > > > > smartbits Auth-Type := Local, Password == "xx" > > > > Service-Type == Login-user > > > > Note that the above config is broken because the DEFAULT user matches in every case and it is first, so smartbits will never match. Well, maybe it will match and then the auth-type will be overridden, but really I think user-specific entries should go first, especially in a clear setup like the above. Additionally, the preferred attribute name is User-Password. You do not necessarily need a users file, you can directly specify PAM in radiusd.conf but the users file is probably a better way to go. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
