Hi all!

I want to configure the freeradius server (1.0.5) to use ldap, sql and pam as source for user authentication. I only get the first two to work at the same time (ldap and sql) but not together with pam.

If I use this in /etc/raddb/users:

##### users
wlan Auth-Type = EAP
testuser Auth-Type := Local, User-Password == "secret"
------

all users in ldap and sql (and of course the "testuser" in the "users" file) can be authorized, but users in pam can not; radiusd says:

##### radiusd debug output
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
-----

With the following in /etc/raddb/users:

##### users
DEFAULT Auth-Type = Pam
        Fall-Through = Yes
wlan Auth-Type = EAP
testuser Auth-Type := Local, User-Password == "secret"
-----

users in pam get an access-accept message, but not those in ldap and sql (nor the "testuser" in "users"). The debug output for a user in sql says:

##### radiusd debug output (only "important parts" as I assume)
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for nig49594
radius_xlat: '(uid=nig49594)'
radius_xlat: 'dc=mogli,dc=de'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=mogli,dc=de, with filter (uid=nig49594)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns notfound for request 6
radius_xlat: 'nig49594'
rlm_sql (sql): sql_set_user escaped user --> 'nig49594'
[snipp sql queries]
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 6
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user nig49594, check_item=1, counter=0
rlm_sqlcounter: Sent Reply-Item for user nig49594, Type=Session-Timeout, value=1
modcall[authorize]: module "onedayaccounts" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type Pam
auth: type "PAM"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: function pam_authenticate FAILED for <nig49594>. Reason: User not known to the underlying authentication module
modcall[authenticate]: module "pam" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
-----

Same for an ldap user:

##### radiusd debug output (snipped again)
rlm_ldap: - authorize
rlm_ldap: performing user authorization for ldapuser
radius_xlat: '(uid=ldapuser)'
radius_xlat: 'dc=mogli,dc=de'
[snipp]
rlm_ldap: user ldapuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
radius_xlat: 'ldapuser'
rlm_sql (sql): sql_set_user escaped user --> 'ldapuser'
[snipp]
rlm_sql (sql): User ldapuser not found in radcheck
rlm_sql (sql): User ldapuser not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound for request 0
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "onedayaccounts" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Pam
auth: type "PAM"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: function pam_authenticate FAILED for <ldapuser>. Reason: User not known to the underlying authentication module
modcall[authenticate]: module "pam" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Login incorrect: [ldapuser] (from client wlan port 0)
-----

It seems that pam returns "reject" if a user is not found by pam, while sql and ldap return "notfound". How can I set up the pam part to return "notfound" and not overwrite the "ok" request by the other modules?

thanx in advance for your help!

regards
markus

--
Markus Krause email: [EMAIL PROTECTED]
Computing Center Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
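A small triage script for debug output like the one quoted above, added here as an example and not part of the original post or of FreeRADIUS: it groups module return codes per request and flags requests where ldap or sql returned ok in authorize but the request, having matched a DEFAULT users entry, was rejected in authenticate. The sample lines are condensed from the post; the function names and the DEFAULT heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: condensed from the radiusd debug lines quoted in the post.
SAMPLE = '''\
modcall: entering group authorize for request 6
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for request 6
modcall[authorize]: module "ldap" returns notfound for request 6
modcall[authorize]: module "sql" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type Pam
modcall: entering group authenticate for request 6
modcall[authenticate]: module "pam" returns reject for request 6
'''

MOD = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
ENTER = re.compile(r'modcall: entering group \w+ for request (\d+)')
MATCHED = re.compile(r'users: Matched entry (\S+) at line (\d+)')
AUTHTYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')

def summarize(text):
    """Group module return codes, matched users entries and Auth-Type per request."""
    reqs = defaultdict(lambda: {"authorize": {}, "authenticate": {}, "matched": [], "auth_type": None})
    current = None  # lines without a request id belong to the last request seen
    for line in text.splitlines():
        if m := ENTER.search(line):
            current = m.group(1)
        elif m := MOD.search(line):
            section, module, rcode, current = m.groups()
            reqs[current].setdefault(section, {})[module] = rcode
        elif current and (m := MATCHED.search(line)):
            reqs[current]["matched"].append(m.group(1))
        elif current and (m := AUTHTYPE.search(line)):
            reqs[current]["auth_type"] = m.group(1)
    return dict(reqs)

def findings(reqs, backends=("ldap", "sql")):
    """Heuristic: a backend knew the user, a DEFAULT entry matched, authenticate rejected."""
    out = []
    for rid, r in sorted(reqs.items()):
        known = [b for b in backends if r["authorize"].get(b) == "ok"]
        rejected = [m for m, rc in r["authenticate"].items() if rc == "reject"]
        if known and rejected and "DEFAULT" in r["matched"]:
            out.append((rid, known, r["auth_type"], rejected))
    return out

if __name__ == "__main__":
    for rid, known, auth_type, rejected in findings(summarize(SAMPLE)):
        print(f"request {rid}: found by {known}, Auth-Type {auth_type}, rejected by {rejected}")
```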