newbie question basic passwd authentication
Ramses van Pinxteren
ramses at niob.knaw.nl
Tue Jul 5 12:46:26 CEST 2005
Solved this step: It turns out that radius user has no rights to read
the shadow file (I feel stupid and will write 1000 lines "I will
first check the filepermissions before shouting for help" ;) )
ramses
>Hi,
>
>I am a complete newbie with radius. I need to configure this for use
>with a PPTP VPN. The end goal will be that radius is running on a
>fedora box, and authenticates against a SMBPASSWD file. PPTPd needs
>chap.
>
>but I am getting ahead of myself, irst I need to get a basic system
>working. I installed the freeradius rpm, and tried to configure some
>things:
>
>file clients.conf:
>client 127.0.0.1 {
> secret = testing123
> shortname = localhost
> nastype = other
>}
>client 192.168.1.0/24 {
> secret = testing123
> shortname = localnet
>}
>
>File naslist:
>localhost local other
>
>File users:
>nothing changed, all seemed oke to me.
>
>file radius.conf:
>cutted away some text
>unix {
> cache = no
> cache_reload = 600
> passwd = /etc/passwd
> shadow = /etc/shadow
> group = /etc/group
>}
>
>When I now start the daemon as root:
># radiusd -sfxxyz -l stdout.
>
>
>When I tried to test it from the console again:
>radtest ramses "OfCourseThisShouldBeSomethingLessObvious" localhost
>1 testing123
>I see this at my console:
>
>rad_recv: Access-Request packet from host 127.0.0.1:32769, id=122, length=58
> User-Name = "ramses"
> User-Password = "OfCourseThisShouldBeSomethingLessObvious"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "ramses", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched DEFAULT at 152
> modcall[authorize]: module "files" returns ok for request 0
>modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type System
>auth: type "System"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 0
>rlm_unix: [ramses]: invalid password
> modcall[authenticate]: module "unix" returns reject for request 0
>modcall: group authenticate returns reject for request 0
>auth: Failed to validate the user.
>Delaying request 0 for 1 seconds
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Sending Access-Reject of id 122 to 127.0.0.1:32769
>Waking up in 4 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 122 with timestamp 42ca3387
>Nothing to do. Sleeping until we see a request.
>
>
>Ofcourse I tripple checked the typed in password, and I could find
>nothing wrong with that one.
>
>Now I think all I can do is shoult: HELPPPPPPP adoes anyone have any ideas?
>
>kind regards,
>
>Ramses
>- List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list