---Reply on mail from Steve Langasek about SMB authentication
> Follow-ups to pam-list@redhat.com.
>
> Stephan,
>
> On Wed, 28 Feb 2001, Stephan von Krawczynski wrote:
>
>> ---Reply on mail from Steve Langasek about SMB authentication
>> > [...]
>> > It shouldn't be hard to do this with freeradius, PAM support, and pam_smb.
> You should only list those modules in /etc/pam.d/radius which you want to be
> used. If you are going to *only* authenticate against an NT server, your
> config should look more like:
> [...]
Thank you for that hint. You are right, I changed it.
> Yes, pam_smb by default requires that there be an entry for the user in the
> password file; the author explains that otherwise, too many people try using
> pam_smb for login/telnet/ssh and then blame his module when this doesn't work.
> Still, there's an option to disable the password file check in pam_smb. The
> option ('nolocal') is explained on the pam_smb homepage
> (http://www.csn.ul.ie/~airlied/pam_smb/).
Thanks for this one, too. Indeed this solved my first problem, no unix-users
required any longer ...
> [syslogs]
> This looks like you also have a mismatch in your pam service name.
This was a typo. I fixed it and things start to work now.
As my "idiot-doesnt-now-how-to-use-pam" problem is solved now :-), I come back to
freeradius questions:
I have three different types of users:
a) normal dialin
b) callback with static callback-number
c) callback with configurable callback-number
a) is done
b) and c) is a problem. I cannot use groups because there are none for
smb-users. Is there a way to send attributes looked up by an external program
that hands them over to radiusd ? Or is there some other trick to split up the
"user-groups"?
Please stay patient with me ...
Stephan von Krawczynski
