Hi All,
I have a requirement to prevent users with a shell of /dev/null from authenticating against a FreeRADIUS server.

Using the rpm provided with RHEL4.0:
radiusd: FreeRADIUS Version 1.0.1

I am using the unix module and PAM. /dev/null is not listed as a valid shell in /etc/shells, and accounts with /dev/null are currently able to log in (via the DEFAULT entry in the users file). /etc/passwd is not used and accounts are stored on an LDAP server.

users:
DEFAULT  Auth-Type = PAM
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Ascend-Idle-Limit = 1200,
        Ascend-Maximum-Time = 15800

radiusd.conf:
pam {
        pam_auth = radiusd
}

/etc/pam.d/radiusd:
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth


/etc/shells:
/bin/sh
/bin/bash
/sbin/nologin
/bin/ash
/bin/bsh
/bin/ksh
/usr/bin/ksh
/usr/bin/pdksh
/bin/tcsh
/bin/csh
/bin/zsh

Any ideas around this?

Thanks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
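
An added example, not part of the original post: Linux-PAM's pam_shells module permits access only when the user's shell is listed in /etc/shells, which is the check asked about above. The script below lists the accounts such a check would reject, so the effect can be reviewed before the PAM stack is changed. It assumes pam_shells.so is installed and that the LDAP accounts are visible through NSS (`getent passwd`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The PAM side of the check (assumption: pam_shells.so is
# installed) would be a line like this in /etc/pam.d/radiusd:
#   auth       required     pam_shells.so
# pam_shells looks the user up through the system account database, so
# LDAP-only accounts must resolve through NSS for it to see their shell.

# shell_allowed SHELL SHELLS_FILE
# Succeeds only if SHELL is non-empty and matches one whole line of
# SHELLS_FILE. The empty test matters: an empty shell field would
# otherwise match a blank line in the file.
shell_allowed() {
    [ -n "$1" ] && grep -Fxq -- "$1" "$2"
}

# rejected_accounts SHELLS_FILE < passwd-format input
# Prints "name shell" for every account whose shell is not listed.
rejected_accounts() {
    while IFS=: read -r name pw uid gid gecos home shell || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        shell_allowed "$shell" "$1" || printf '%s %s\n' "$name" "${shell:-(empty)}"
        name=
    done
}

# Typical use on the RADIUS host (not run automatically here):
#   getent passwd | rejected_accounts /etc/shells
```

With the /etc/shells shown in the post, every account whose shell is /dev/null appears in the output, while accounts using /sbin/nologin do not, because /sbin/nologin is listed.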
