On Tue, Jun 14, 2011 at 1:20 AM, Christian Hesse
<address@hidden> wrote:
Hailu Meng <address@hidden> on Mon, 13 Jun 2011 08:52:55 -0500:
> I'm getting there. But went into some problem. I have Freeradius
> 1.1.3.
Any reason you use this old version of freeradius? Latest stable
version is 2.1.10.
I was too lazy and used built-in freeradius for testing. :)
Hailu Meng <address@hidden> on Mon, 13 Jun 2011 08:59:49 -0500:
> I found the problem. I comment the account command in pam. After I put
> in-system for account. The user root can authenticate successfully.
> It seems like I need create all the users in the server to get
> authentication successful.
It definitely does work without having local user accounts. I maintain
a freeradius that authenticates 161016 users (just queried the db) from
mysql. I am shure they do not have local user accounts. ;)
Or did I misunderstood anything?
If this works for you, I guess I might need upgrade my freeradius to have a try.
Another question for you, Christian: Can you utilize Freeradius to do the LDAP first and then hand over to PAM to do the OTP authentication? I was thinking about using PAM stack to do the LDAP first and then OTP. But it seems I'm having some issue with that, still trying to figure that out. Not sure freeradius can do some authentication stack thing?
Thanks a lot!
Lou
--
Schoene Gruesse
Chris