Christophe Boyanique wrote: > In fact the main problem is if I su to an unprivileged user, no accounting > packet is sent and output displays: > > su: pam_radius_auth: Could not open configuration file /etc/raddb/server: > Permission denid
Yes. That file has to be readable by the user. This is a limitation of PAM, I think, where the pam_radius_auth module is run as the user. > I suppose that session part of pam runs as unprivilegied user and it can't > open the /etc/raddb/server which is protected as advised in the > documentation. Yes. > Is this a common problem (I found nothing in the archive) or do I have a > mistake in the pam configuration ? It's a problem. A solution (a bad one) is to "chmod a+r" the files. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html