That's what I thought (because I could not find any instructions on how to do it). Now I know to start looking for that next step.
Thanks. On Fri March 19 2004 2:55 pm, Michael Griego wrote: > RADIUS does not provide name services, such as UID/GID mapping. It is > simply an authorization and authentication service. For name services, > you'll need to either create the /etc/passwd entry on each machine or > use a directory service such as NIS/NIS+ or LDAP. > > The same applies to PAM. PAM only does authentication of users > (possibly from remote sources such as RADIUS, LDAP, or other services). > It is the job of the name switch services (NSS) subsystem on a unix > system to retrieve the account information once authentication has been > established. Like PAM, NSS can tap into foreign sources to retrieve > this information from services that are capable of providing that > information (such as NIS and LDAP). > > --Mike > > On Fri, 2004-03-19 at 13:42, Bill Feero wrote: > > I'm trying to authenticate with PAM to freeRADIUS 0.9.0 > > I'm using pam_radius_auth version 1.3.15 on a RedHat 8.0 system > > > > Here is my /etc/pam.d/login file: > > #%PAM-1.0 > > auth required /lib/security/pam_securetty.so > > auth sufficient /lib/security/pam_radius_auth.so debug > > auth required /lib/security/pam_stack.so service=system-auth > > auth required /lib/security/pam_nologin.so > > account required /lib/security/pam_stack.so service=system-auth > > password required /lib/security/pam_stack.so service=system-auth > > session required /lib/security/pam_stack.so service=system-auth > > session optional /lib/security/pam_console.so > > > > The radius server does accept the user name and password, but since the > > user name does not exist in the clients /etc/passwd file, I can't log in. > > This is the message I receive on the client. > > User not known to the underlying authentication > > > > I'm guessing it's because there is no UID for that user. > > > > I created a second user in the RADIUS user file, and created a user with > > the same name on the client but with a different password. I can login to > > the client using the RADIUS password. > > > > I don't want to create user's on the client, so how can I force a UID, > > home dir. and default shell settings for a user that has been > > authenticated by RADIUS? > > > > Thanks for any help. -- Bill Feero Logical Solutions, Inc. 203 647 8700 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
