Hi, I'm using the pam_auth_radius PAM module to authenticate against an RSA SecurID RADIUS server. It works fine, but I need to pre-create the users on the system. I was wondering if it's possible to use the LDAP directory for the valid user accounts.
I'm on Linux Debian/Lenny. I tried to define pam_ldap in /etc/pam.d/common-account:

    account sufficient pam_ldap.so

and leave common-auth using radius (also session):

    auth sufficient pam_radius_auth.so debug

but it does not seem to work. I may be missing something. Theoretically I think it's possible, isn't it?

Another little problem with the pam_auth_radius module: when restricting permissions on the /etc/pam_auth_radius.conf file (shared secret for the RADIUS server), I get this message when closing the session:

    pam_close_session: Cannot make/remove an entry for the specified session

Details:

    Aug 20 14:57:09 debian su[11840]: pam_unix(su:session): session opened for user chris by root(uid=1001)
    Aug 20 14:57:10 debian su[11840]: pam_radius_auth: Could not open configuration file /etc/pam_radius_auth.conf: Permission denied
    Aug 20 14:57:10 debian su[11840]: pam_unix(su:session): session closed for user chris
    Aug 20 14:57:10 debian su[11840]: pam_close_session: Cannot make/remove an entry for the specified session

I think it's needed to contact the radius server for accounting, but it is not a secure configuration, even if using one-time passwords.

Thanks for your help,
Chris