From: Vladimir Voronin
Date: Tue, 12 Oct 2004 18:03:25 +0300
To: freebsd-net@freebsd.org
Subject: problem with pam authentication via radius
Message-ID: <416BF23C.8070802@teleportsv.net>
List-Id: Networking and TCP/IP with FreeBSD

I am trying to set up PAM authentication on a FreeBSD server (FreeBSD 5.3-BETA1) using RADIUS (freeradius-0.9.3_1), with RADIUS using LDAP (openldap-server-2.2.14).

/etc/pam.d/sshd:

    auth      sufficient  pam_radius.so
    auth      required    pam_nologin.so       no_warn
    auth      sufficient  pam_opie.so          no_warn no_fake_prompts
    auth      requisite   pam_opieaccess.so    no_warn allow_local
    auth      required    pam_unix.so          no_warn try_first_pass
    account   sufficient  pam_radius.so
    account   required    pam_login_access.so
    account   required    pam_unix.so
    session   required    pam_permit.so
    password  required    pam_unix.so          no_warn try_first_pass

There is no problem when I try to authenticate a user who exists in /etc/passwd. PAM asks RADIUS, and RADIUS compares the data with the data in the LDAP database. But when I authenticate a user who exists only in the LDAP database (and is not in /etc/passwd on the FreeBSD server), PAM does not ask RADIUS (there is nothing in the RADIUS logs). Why does this happen? How can I fix this problem?