User /etc/shadow for Authentication
Norman Zhang
norman.zhang at gmail.com
Wed Apr 25 02:17:04 CEST 2007
Dennis Skinner wrote:
> Norman Zhang wrote:
>> How do I set up user tester-a to use /etc/shadow for authentication?
>>
>> Currently I have
>>
>> tester-a    Auth-Type := Local, User-Password == "superuser"
>>             cisco-avpair = "shell:priv-lvl=15",
>>             Service-Type = Administrative-User
>
> I would start by reading radiusd.conf. Look for every instance of the
> word "shadow" and read those comments. Then set up the unix module properly.
>
> Make sure the user/group that radiusd runs as can read /etc/shadow.

Thanks. Changed /etc/shadow to 444 for now. Also

unix {
    password = /etc/password
    group = /etc/group
    shadow = /etc/shadow
}

are uncommented in radiusd.conf

> Make sure you are *only* using PAP. CHAP encrypts the password over the
> wire and you cannot compare crypt to crypt. One of them needs to be
> cleartext (this is a limitation of encryption, not FreeRADIUS). See the
> table here:
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> (you are using Unix Crypt).

pap {
    encryption_scheme = crypt
}

chap {
    authtype = CHAP
}

still fails. I guess I need to configure users. Will run radiusd -X to
debug.

Norman
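
Added example, not part of the original thread and not FreeRADIUS code: it works through the point quoted above that a one-way hash such as the ones in /etc/shadow can verify a PAP password but not a CHAP response. The SHA-256 stand-in for crypt(3), the salt, the challenge and the CHAP identifier are constructed assumptions; the CHAP response follows RFC 1994 (MD5 over identifier, secret, challenge).

```python
import hashlib
import hmac


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    # Stand-in for Unix crypt(3) (assumption): salted and one-way, like the
    # values stored in /etc/shadow. SHA-256 is used only so this runs anywhere.
    return hashlib.sha256(salt + password).digest()


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def verify_pap(cleartext: bytes, salt: bytes, stored_hash: bytes) -> bool:
    # With PAP the server ends up holding the cleartext password, so it can
    # hash it with the stored salt and compare against the stored hash.
    return hmac.compare_digest(one_way_hash(cleartext, salt), stored_hash)


def verify_chap(chap_id: int, challenge: bytes, response: bytes,
                server_secret: bytes) -> bool:
    # With CHAP the server only sees MD5 output, so it must recompute the MD5
    # from the secret it holds. That only matches if it holds the cleartext.
    expected = chap_response(chap_id, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"superuser"        # value from the users entry in the post
    salt = b"constructed-salt"     # constructed sample value
    challenge = bytes(range(16))   # constructed 16-byte challenge
    chap_id = 7                    # constructed CHAP identifier
    stored_hash = one_way_hash(password, salt)  # what a shadow file would hold
    response = chap_response(chap_id, password, challenge)  # sent by client
    return {
        "pap_vs_stored_hash": verify_pap(password, salt, stored_hash),
        "pap_wrong_password": verify_pap(b"wrong", salt, stored_hash),
        "chap_vs_cleartext": verify_chap(chap_id, challenge, response, password),
        "chap_vs_stored_hash": verify_chap(chap_id, challenge, response, stored_hash),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```
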