RADIUS does not provide name services, such as UID/GID mapping.  It is
simply an authorization and authentication service.  For name services,
you'll need to either create the /etc/passwd entry on each machine or
use a directory service such as NIS/NIS+ or LDAP.

The same applies to PAM.  PAM only does authentication of users
(possibly from remote sources such as RADIUS, LDAP, or other services). 
It is the job of the name switch services (NSS) subsystem on a unix
system to retrieve the account information once authentication has been
established.  Like PAM, NSS can tap into foreign sources to retrieve
this information from services that are capable of providing that
information (such as NIS and LDAP).

--Mike


On Fri, 2004-03-19 at 13:42, Bill Feero wrote:
> I'm trying to authenticate with PAM to freeRADIUS 0.9.0
> I'm using pam_radius_auth version 1.3.15 on a RedHat 8.0 system
> 
> Here is my /etc/pam.d/login file:
> #%PAM-1.0
> auth       required     /lib/security/pam_securetty.so
> auth       sufficient   /lib/security/pam_radius_auth.so debug
> auth       required     /lib/security/pam_stack.so service=system-auth
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_stack.so service=system-auth
> password   required     /lib/security/pam_stack.so service=system-auth
> session    required     /lib/security/pam_stack.so service=system-auth
> session    optional     /lib/security/pam_console.so
> 
> The radius server does accept the user name and password, but since the user name
> does not exist in the client's /etc/passwd file, I can't log in.
> This is the message I receive on the client.
> User not known to the underlying authentication
> 
> I'm guessing it's because there is no UID for that user. 
> 
> I created a second user in the RADIUS user file, and created a user with the same
> name on the client but with a different password. I can log in to the client using
> the RADIUS password.
> 
> I don't want to create users on the client, so how can I force a UID, home dir. and
> default shell settings for a user that has been authenticated by RADIUS?
> 
> Thanks for any help.
-- 

--Mike

-----------------------------------
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas


