[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pppd-pam + radiusd question

Does the contents of your /etc/pam.d/ppp file read:

# Information for the PPPD process with the 'login' option.
auth    required        pam_securetty.so
auth    required        pam_nologin.so
auth    sufficient      pam_radius_auth.so
auth    required        pam_unix_auth.so
account required        pam_unix_acct.so
session required        pam_unix_session.so

That setup works for me.

If I understand it, the passwd file should only be used in the above config if the radius server doesn't auth the user (we are still migrating).

Check the logs on your radius server as well...

One problem with this setup is the radius server's radwho script won't list any users on NAS's using pppd+pam+radius...  (does anyone know why?)

Good luck,

---------- Original Message ----------------------------------
From: "Alex V. Toropov" <alex@ct.spb.ru>
Date: Tue, 4 Apr 2000 18:13:06 +0400

>Hi, all
I'm trying to use dial-in ppp server with the folloing config:
mgetty monitors modem. On detecting AutoPPP fires pppd (with pam support)
pppd authorize user via radiusd throug pam_radius_auth.so get from

The problem is the following:
User authenticated only if he exists in /etc/passwd on machine, where
mgetty+pppd lives!
And his password in /etc/shadow doesn't matter. he just need to be a local
Can anybody tell me why do I need to have this user?

AFAIK mgetty register a_ppp user, not user authenticating throu PAP.
Radiusd authentication succeded in any case (I'v seen success message from
in /var/log/syslog) of user existance in local pwdb.

I have the following config for pam:
auth          required    pam_nologin.so
auth          sufficient   pam_radius_auth.so debug
session    required    pam_radius_auth.so

TIA Alex

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: