2007/9/19, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Groups are a part of authorization so there is no conflict with any
> authentication method. You can use ldap (Ldap-Group), sql(Sql-Group),
> unix (Group) ...
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 19/9/2007, "Diego Woitasen" <[EMAIL PROTECTED]> wrote:
>
> >2007/9/19, Alan DeKok <[EMAIL PROTECTED]>:
> >> Diego Woitasen wrote:
> >> > That entry/configuration.... I read the FAQ and I can't see anything
> >> > interesting. The question is, radius uses nsswitch to check group
> >> > membership using PAM authentication?
> >>
> >> Q: Hi I tried to do stuff, but it didn't work. Why?
> >> A: WTF?
> >>
> >> It's difficult to help you if you don't say what you expected to
> >> happen, AND what actually happened.
> >>
> >> It's frustrating to have people post configurations and ask "why
> >> doesn't this work?" The documentation and FAQ cover how to ask
> >> questions on the list, and what information we need to help you.
> >>
> >> Alan DeKok.
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >I think the question is simple to give more detail. I rewrite the question:
> >
> >Can I use PAM for authentication and LDAP for group checking? or PAM
> >for authentication and group checking with nsswitch?
> >
> >--
> >-------------------
> >Diego Woitasen
> >-------------------
>
ok. I have enabled LDAP in the authorize and authentication sections. If I set
Ldap-Group == "xxx" in a users file entry, radiusd only tries LDAP
authentication, and not PAM (I saw this with radiusd -f -X).

With the following entry, radiusd tries LDAP for authentication and
authorization:

DEFAULT Ldap-Group == "xnetadmin"
        Service-Type = Login-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Fall-Through = 0

With this, PAM authentication is working fine, but I haven't got LDAP
authorization, obviously:

DEFAULT Auth-type = PAM
        Service-Type = Login-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Fall-Through = 0

And finally, this doesn't work either:

DEFAULT Auth-type = PAM, Ldap-Group == "xnetadmin"
        Service-Type = Login-User,
        Cisco-AVPair = "shell:priv-lvl=15",
        Fall-Through = 0

I can't find where the trick is. The documentation doesn't say anything
about this kind of configuration, or I can't find it.

regards,
diegows

--
-------------------
Diego Woitasen
-------------------