Subj : Re: login / PAM not using /etc/passwd To : comp.os.linux,comp.os.linux.security From : Hans Date : Mon Jun 28 2004 10:22 am "Bill Unruh" wrote in message news:cbh9fh$gg4$1@string.physics.ubc.ca... > "Hans" writes: > > ]Hello > > ]How can I get to work that when Iogin, I do authentication against a RADIUS > ]server, using pam_radius_auth.so, and not let login lookup the user in > ]/etc/passwd. > > ]ie I want to configure one central users-serves (using RADIUS and LDAP), and > ]have all login-reguests be handled only by RADIUS, so no user-entries in > ]/etc/passwd? > > ]BTW my RADIUS configuration ik OK, > > ]radtest user password radiusserver 0 radpass > > ]gives Access-Accept. But logging in gives message > > ]login[5363]: User not known to underlying authentication module > > > ]Any hints appreciated > > > What is in /etc/pam.d/login ? > This is my /etc/pam.d/login file: I only added the pam_radius_auth.so line, didnt work. #%PAM-1.0 auth requisite pam_unix2.so nullok #set_secrpc auth sufficient pam_radius_auth3.so debug auth required pam_securetty.so auth required pam_nologin.so #auth required pam_homecheck.so auth required pam_env.so auth required pam_mail.so account required pam_unix2.so password required pam_pwcheck.so nullok password required pam_unix2.so nullok use_first_pass use_authtok session required pam_unix2.so none # debug or trace session required pam_limits.so So I removed all pam_unix2.so lines: #%PAM-1.0 auth sufficient pam_radius_auth3.so debug auth required pam_securetty.so auth required pam_nologin.so #auth required pam_homecheck.so auth required pam_env.so auth required pam_mail.so password required pam_pwcheck.so nullok session required pam_limits.so Also, no such luck. In fact I tried many combinations with/without pam_unix2.so, with/without pam_radius_auth.so, nothing works. I even tried #%PAM-1.0 auth sufficient pam_radius_auth3.so Still no good. BTW when I add 'debug' at the end of the 'pam_radius_auth.so' lines, thge log will say: login[20127]: pam_radius_auth: Got RADIUS response code 2 login[20127]: pam_radius_auth: authentication succeeded Which means that my radius configuration is OK. Gr, Hans .