[Help-gnu-radius] address@hidden: cascaded radius server]
From: Frank Matthias
Subject: [Help-gnu-radius] address@hidden: cascaded radius server]
Date: Tue, 9 Oct 2001 14:15:19 +0000
User-agent: Mutt/1.2.5i
Hi there,
I'm trying to cascade two RADIUS servers.
My users file on the server that communicates with the NAS looks like this.
In what follows I call this server "the first one".
DEFAULT Auth-Type = Pam,
                Pam-Auth=radius,
                Simultaneous-Use = 1
        Service-Type = Exec-User
The second RADIUS server looks like this:
DEFAULT Auth-Type = System,
                Simultaneous-Use = 1
        Service-Type = Exec-User
/etc/pam.d/radius on the first radius server looks like this:
auth sufficient /lib/security/pam_pwdb.so shadow nullok
auth sufficient /lib/security/pam_radius_auth.so
account sufficient /lib/security/pam_pwdb.so
account sufficient /lib/security/pam_radius_auth.so
session sufficient /lib/security/pam_pwdb.so
session sufficient /lib/security/pam_radius_auth.so
If the users are local on the first server, the authentication process
should check /etc/passwd and /etc/shadow; all other requests should
be forwarded to the second server.
The first part, the local resolution, works fine, but the forwarding
doesn't work.
I'm a little bit confused, because I started snoop on the second
server.
The second server gets a request from the first one only if the local
resolution failed, checks the information and sends the correct
answer back, but the first one doesn't forward the correct answer to the
NAS, so every login failed.
I think there is no timer problem? I think that there is
a problem with the first RADIUS server.
Test Lab:
Cisco 2600 NAS, configured login authentication RADIUS on vty's.
Linux RedHat6.2, first RADIUS server
Solaris 2.6, second RADIUS server
Any ideas?
Best Regards
Matthias Frank
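
An added example, not part of the original message: a check that can be run on a captured request/reply pair such as the exchange observed with snoop. RFC 2865 has a RADIUS client silently discard a reply whose Response Authenticator does not verify under its shared secret, so the code verifies a reply against a given secret; the packets, secrets and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def build_reply(code, ident, request_auth, attrs, secret):
    """Build a reply as a RADIUS server does (RFC 2865, section 3)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def check_reply(request, reply, secret):
    """Return (ok, detail) for a captured request/reply pair."""
    if len(request) < 20 or len(reply) < 20:
        return False, "packet shorter than the 20-byte RADIUS header"
    req_id, request_auth = request[1], request[4:20]
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return False, "length field does not match captured data"
    reply = reply[:length]  # ignore padding after the stated length
    if ident != req_id:
        return False, "identifier does not match the request"
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return False, "Response Authenticator mismatch"
    names = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
    return True, names.get(code, "code %d" % code)

# Constructed sample data (hypothetical, not taken from the original message).
SECRET_SERVER = b"secret-on-second-server"
SECRET_CLIENT = b"secret-on-first-server"
REQ_AUTH = bytes(range(16))                # Request Authenticator
USER = b"\x01\x07alice"                    # User-Name attribute
REQUEST = struct.pack("!BBH", 1, 7, 20 + len(USER)) + REQ_AUTH + USER
SERVICE = b"\x06\x06\x00\x00\x00\x01"      # Service-Type attribute
REPLY = build_reply(2, 7, REQ_AUTH, SERVICE, SECRET_SERVER)

if __name__ == "__main__":
    print(check_reply(REQUEST, REPLY, SECRET_SERVER))
    print(check_reply(REQUEST, REPLY, SECRET_CLIENT))
```
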