Hi All,
I have a queries. The following scenario are already implemented in
my heterogenous systems test site.
I already centralise my authentication to use the NT domain using a
pam_windbind module. Any NT domain users
can login already to my unix box using the account in our NT domain machine
server.
My real problem persist are for my RAS authentication. I setup my
freeradius using a redhat 7.3 OS
to use the autheticate to my NT domains users database instead of creating
each users or synchronizing the
accounts in redhat box. In my pam.d configuration in "radiusd and smb-auth",
I add the entries below suggested
in this list. ( see below of my entries). However, I can't successfully
login to my NAS accounts when I try to dialin
using the account of my NT domain user database. I also try to use the
radtest utility if my account can authenticate
using the NT domain user database but no success at all also. But using the
redhat system account its work. Does
anyone know where should I focus my troubleshooting? What authentication
modules should be ideal for my setup
using the freeradius? Any suggestion, pointers and advise are really
appreciated. If anybody in this list successfully
done this setup, please lean me your configurations. Many thanks in advance.
radiusd:
#%PAM-1.0
authrequired/lib/security/pam_securetty.so
authrequired/lib/security/pam_stack.so service=smb-auth
authrequired/lib/security/pam_nologin.so
account required/lib/security/pam_stack.so service=smb-auth
passwordrequired/lib/security/pam_stack.so service=smb-auth
session required/lib/security/pam_stack.so service=smb-auth
session optional/lib/security/pam_console.so
smb-auth:
#%PAM-1.0
authrequired/lib/security/pam_env.so
authsufficient /lib/security/pam_winbind.so
authrequired/lib/security/pam_deny.so
account sufficient /lib/security/pam_winbind.so
account required/lib/security/pam_unix.so
passwordrequired/lib/security/pam_cracklib.so retry=3 type=
passwordsufficient /lib/security/pam_unix.so nullok use_authtok
md5 shadow
passwordrequired/lib/security/pam_deny.so
session required/lib/security/pam_limits.so
session required/lib/security/pam_unix.so
Regards
Jay Ungab
Jardine Direct Company Inc - OSSC
3/F, Jardine Davies Building
222 Sen. Gil J. Puyat Avenue
Makati City, Philippines
Telephone: +63 2 8920190 extension 231
Voice/IP (from ATL & Devon): 50-1110-231
Fax: +63 2 8939569
Network Team Mobile: +63 918 9225905
Email: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html