Freeradius+PAM+LDAP

2004-05-27 Thread Bill Thompson

Hello everyone,

I've been working on having radius authenticate through PAM which is
getting its authentication info from LDAP. This is so I can use pam_tally
to monitor failed logins.

I actually have the system working, but with one show stopping problem. I
am able to authenticate through PAM, but certain attributes such as
FilterId, SessionTimeout, and IdleTimeout are not being passed from PAM to
radius. Setting Freeradius to authenticate directly to LDAP will pass
these attributes with no trouble, so the problem must be with PAM. I am
using Debian Stable, so the packages are not the most recent, and some I
had to build:

PAM 0.72
LDAP 3.0
Freeradius 0.9.1

Any Ideas?

-BillT

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Open ports over firewall

2004-04-27 Thread Bill Thompson

On Tue, 27 Apr 2004 13:15:24 +0200
"Gabriele D'Andrea - TNET S.p.A." <[EMAIL PROTECTED]> wrote:

> Hi everybody,
> I'm running Freeradius on my RedHat server. Which OUTPUT ports should I
> leave open for freeradius?
> For accounting I leave udp 1812-13 open in INPUT and OUTPUT, I receive
> authentication requests but then my auth replies are blocked by
> firewall. Any help on this?
> 
>

Why are you running a firewall on your Radius server? It would be better
to turn off all unused services so that the only ports open are for
Radius. It just doesn't make sense to use a firewall on a host server.
