Date:      Sun, 01 Jun 1997 11:40:14 -0400
From:      Chris Shenton <chris@absinthe.i3inc.com>
To:        rricci@ns1.theonlynet.com
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Authenticating dial-ins
Message-ID:  <199706011540.LAA04945@absinthe.i3inc.com>
In-Reply-To: Your message of "Fri, 30 May 1997 16:39:10 -0600 (MDT)"
References:  <Pine.BSF.3.91.970530162908.4648A-100000@ns1.theonlynet.com>

On Fri, 30 May 1997 16:39:10 -0600 (MDT)
"Robert P. Ricci" <rricci@ns1.theonlynet.com> wrote:

rricci> We've got two FreeBSD machines, and would like to use one as a
rricci> terminal server and the other as mail/web/ftp server (right
rricci> now, everything's on the terminal server.) What would be the
rricci> best way to keep identical password files on both machines, or
rricci> use the web server's password file to authenticate users on
rricci> the terminal server? The terminal server uses a cyclades
rricci> card. Right now, we use mgetty to answer the modems, which
rricci> then fires up pppd. We're also able to nfs mount between the
rricci> two machines.

The dial-in server can use RADIUS configured to look into the
/etc/passwd file for authentication. I believe you use "Password =
UNIX" or "Password = System" (Livingston RADIUS-2.0). So your dialin
server can query a RADIUS daemon running on your www/ftp/email server
where the accounts really live. I set up one site like this and it's
real easy for them to manage cuz all they gotta do is "adduser".

You can make the user's shell something like /PPP-only or /bin/false if
you want them to have PPP authentication but no shell access, but this
*might* hose www/ftp/email (see /etc/shells and such).

MERIT and Livingston's latest RADIUS support examining the UNIX
/etc/group file for PPP authentication. With this you could allow people
shell/email/ftp/www access, but *not* PPP, if you set their group to
be one RADIUS doesn't like.
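
The /etc/shells caveat in the message above can be checked before anyone's shell is changed: ftpd, for one, refuses logins for accounts whose shell is not listed in /etc/shells. The script below is an added example, not part of the original message; the function names and the sample passwd and shells contents are constructed, and it assumes the 7-field /etc/passwd format.

```sh
#!/bin/sh
# Added example: find accounts whose login shell is not in the shells file.
# All names and sample data below are constructed for illustration.

# unlisted_shell_users PASSWD_FILE SHELLS_FILE
# Prints "user:shell" for every passwd(5) entry whose shell is not listed.
unlisted_shell_users() {
    awk -F: '
        # First argument is the shells list: drop comments and whitespace.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") ok[$0] = 1
            next
        }
        # Second argument is the 7-field passwd file; field 7 is the shell.
        /^#/ || NF < 7 { next }
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty field means /bin/sh
            if (!(shell in ok)) print $1 ":" shell
        }
    ' "$2" "$1"
}

# make_sample DIR: write constructed passwd and shells files into DIR.
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:*:1001:1001:Alice:/home/alice:/bin/csh
bob:*:1002:1002:Bob:/home/bob:/bin/false
carol:*:1003:1003:Carol:/home/carol:/PPP-only
dave:*:1004:1004:Dave:/home/dave:
EOF
    cat > "$1/shells" <<'EOF'
# constructed list of valid login shells
/bin/sh
/bin/csh
EOF
}

# Demo on the constructed data: reports bob and carol.
demo_dir=$(mktemp -d) || exit 1
make_sample "$demo_dir"
unlisted_shell_users "$demo_dir/passwd" "$demo_dir/shells"
rm -rf "$demo_dir"
```

On a live system the call would be `unlisted_shell_users /etc/passwd /etc/shells`; any account it prints would keep PPP authentication through RADIUS but could lose services that consult /etc/shells.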


