
PAM: External radius for password / internal LDAP for the rest



Hi,

At the moment we import students every day from an external LDAP server and copy them into our local LDAP tree. So we have our own password database, in LDAP. Now we have access to the main RADIUS for the whole university, so we can authenticate most of our users via RADIUS, but not all.

The plan is:

1. Use Radius for the password only
2. Check if the user exists in our LDAP, if not -> no access
3. If the radius password isn't accepted, test the same on LDAP userPassword
4. Use LDAP for $HOME/ $SHELL/ $UIDNumber/ $Gidnumber.... 

The third point is for local users only (system accounts such as icinga/otrs ...) and guests, and also for a smooth migration from our passwords to the RADIUS ones. Old users can still use the old password; new users take the RADIUS one.

I've installed a local FreeRadius server in proxy mode which works.

So, my question is: can I do it with PAM? What does it look like?

cu denny
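
One way the four-step plan above maps onto a PAM stack, as an added example that is not part of the original post. It assumes the pam_radius_auth and pam_ldap modules are installed and that an NSS LDAP backend is configured; the service file name, server address and shared secret are placeholders.

```conf
# ---- /etc/pam.d/<service>  (placeholder name, e.g. the file for sshd or login)

# Step 1: ask RADIUS first. "sufficient" ends the auth stack on success,
# so nothing below it in the auth section runs for a RADIUS-accepted password.
auth     sufficient   pam_radius_auth.so

# Step 3: RADIUS rejected the password (or was unreachable), so try an LDAP
# bind with the password already typed. use_first_pass prevents a second prompt.
# "required" makes this the final word: if LDAP also rejects it, auth fails.
auth     required     pam_ldap.so use_first_pass

# Step 2: the account stack runs even when auth ended early at "sufficient".
# pam_ldap fails here for a user with no entry in the local LDAP tree, so a
# valid university RADIUS password alone does not grant access.
# This only holds for services that call the PAM account phase.
account  required     pam_ldap.so

# ---- pam_radius_auth server file (path varies by distribution)
# Format: server[:port]  shared_secret  timeout_seconds
# Points at the local FreeRADIUS proxy mentioned in the post.
127.0.0.1    <shared-secret>    3

# ---- /etc/nsswitch.conf
# Step 4: home directory, shell, uidNumber and gidNumber come from LDAP via NSS.
# "files" first keeps accounts in /etc/passwd resolvable if LDAP is down.
passwd:  files ldap
group:   files ldap
shadow:  files ldap
```

While the fallback line is in place, an old userPassword value in LDAP stays valid alongside the RADIUS password; removing userPassword from migrated entries is what ends the dual-password period for those users.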
