On Thu, 2003-03-06 at 14:48, Jason Clifford wrote:
> On 6 Mar 2003, Andrew wrote:
>
> > I'm trying to setup a dial-in server using RedHat 7.2. I'm using
> > pam_auth_radius.so to authenticate to the Radius portion of a RSA
> > SecurID ACE server. No problem with that, it works. The problem that I'm
> > having is that the user needs an ID on the system for the rest of the
> > authentication to work. We don't want that, if possible. However, if
> > there is no other option how can I either a) use a dummy account for the
> > local directory or b) if the home directory has to be there, create it
> > automatically.
>
> I assume you mean for the account management PAM functions ie:
>
> account required pam_unix.so
>
> If this is the case then you can replace this with
>
> account required pam_permit.so
>
> which will always respond with PAM_SUCCESS and so will allow access once
> the auth section is satisfied.
>

I had tried that with no success. My /etc/pam.d/ppp looks like this now:

#%PAM-1.0
auth required pam_nologin.so
auth required /lib/security/pam_radius_auth.so debug
account required /lib/security/pam_permit.so
session required /lib/security/pam_permit.so

A user with no local account gets this:

Mar 7 12:04:26 servername mgetty[4879]: data dev=ttyM1e, pid=4879, caller='none', conn='33600 V42bis', name='', cmd='/usr/sbin/pppd', user='/AutoPPP/'
Mar 7 12:04:26 servername pppd[4879]: pppd 2.4.1 started by LOGIN, uid 0
Mar 7 12:04:26 servername pppd[4879]: Using interface ppp0
Mar 7 12:04:26 servername pppd[4879]: Connect: ppp0 <--> /dev/ttyM1e
Mar 7 12:04:30 servername pppd[4879]: pam_radius_auth: RADIUS server 127.0.0.1 failed to respond
Mar 7 12:04:31 servername pppd[4879]: PAP login failure for andrew-test2
Mar 7 12:04:31 servername pppd[4879]: Connection terminated.
Mar 7 12:04:31 servername pppd[4879]: Exit.

While a user WITH a local account gets this:

Mar 7 11:28:12 servername mgetty[4830]: data dev=ttyM1e, pid=4830, caller='none', conn='33600 V42bis', name='', cmd='/usr/sbin/pppd', user='/AutoPPP/'
Mar 7 11:28:12 servername pppd[4830]: pppd 2.4.1 started by LOGIN, uid 0
Mar 7 11:28:12 servername pppd[4830]: Using interface ppp0
Mar 7 11:28:12 servername pppd[4830]: Connect: ppp0 <--> /dev/ttyM1e
Mar 7 11:28:17 servername pppd[4830]: pam_radius_auth: RADIUS server 127.0.0.1 failed to respond
Mar 7 11:28:18 servername pppd[4830]: user andrew-test1 logged in
Mar 7 11:28:18 servername pppd[4830]: found interface eth0 for proxy arp
Mar 7 11:28:18 servername pppd[4830]: local IP address 10.1.2.6
Mar 7 11:28:18 servername pppd[4830]: remote IP address 10.1.9.21
Mar 7 11:28:59 servername pppd[4830]: LCP terminated by peer (^^@CM-s^@<M-Mt^@^@^@^@)
Mar 7 11:29:00 servername pppd[4830]: Hangup (SIGHUP)
Mar 7 11:29:00 servername pppd[4830]: Modem hangup

I've done some packet tracing and I've seen the server and the RSA server talk to each other. There is no radius setup on the local server, that's why the localhost ip fails.

Should I make the changes to the /etc/pam.d/login file instead? I'm not changing the system-auth file since it's auto-generated.

-- 
Andrew <andrew@exit0.us>
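
Added example, not part of the original message: a small Python script that groups the pppd syslog lines from the two sessions above by PID and pairs each session's pam_radius_auth error with its login outcome, so sessions admitted after a "failed to respond" line can be picked out for review. The function names are this example's own; the sample lines are copied from the logs in the message.

```python
import re

# Syslog lines copied from the two sessions quoted in the message above.
SAMPLE = """\
Mar 7 12:04:26 servername pppd[4879]: pppd 2.4.1 started by LOGIN, uid 0
Mar 7 12:04:30 servername pppd[4879]: pam_radius_auth: RADIUS server 127.0.0.1 failed to respond
Mar 7 12:04:31 servername pppd[4879]: PAP login failure for andrew-test2
Mar 7 11:28:12 servername pppd[4830]: pppd 2.4.1 started by LOGIN, uid 0
Mar 7 11:28:17 servername pppd[4830]: pam_radius_auth: RADIUS server 127.0.0.1 failed to respond
Mar 7 11:28:18 servername pppd[4830]: user andrew-test1 logged in
""".splitlines()

LINE = re.compile(r"pppd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RADIUS_FAIL = re.compile(r"pam_radius_auth: RADIUS server (\S+) failed to respond")
LOGIN_OK = re.compile(r"user (\S+) logged in")
LOGIN_FAIL = re.compile(r"PAP login failure for (\S+)")

def correlate(lines):
    """Group pppd syslog lines by PID into one record per dial-in session."""
    sessions = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not logged by pppd (e.g. the mgetty line)
        s = sessions.setdefault(
            m["pid"], {"user": None, "outcome": "unknown", "radius_timeouts": []})
        msg = m["msg"]
        if (r := RADIUS_FAIL.search(msg)):
            s["radius_timeouts"].append(r.group(1))   # server that did not answer
        elif (r := LOGIN_OK.search(msg)):
            s["user"], s["outcome"] = r.group(1), "accepted"
        elif (r := LOGIN_FAIL.search(msg)):
            s["user"], s["outcome"] = r.group(1), "rejected"
    return sessions

def accepted_after_timeout(sessions):
    """Users admitted in a session where a RADIUS server had not answered."""
    return sorted(s["user"] for s in sessions.values()
                  if s["outcome"] == "accepted" and s["radius_timeouts"])

if __name__ == "__main__":
    found = correlate(SAMPLE)
    for pid, s in found.items():
        print(pid, s)
    print("review:", accepted_after_timeout(found))
```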