Controlling with Auth-Type a client must use
Alan DeKok
aland at deployingradius.com
Thu Jul 22 14:20:08 CEST 2010
Madsen.Jan JMD wrote:
> I’m using the module passwd working fine, and I have enabled unix
> authentication in my default section.
Don't. Use "pap". It can do crypt authentication.
> Thu Jul 22 13:22:21 2010 : Auth: [unix] [jmd]: invalid shell [/usr/bin/bash]
> Thu Jul 22 13:22:21 2010 : Info: ++[unix] returns reject
Which is what the Unix module does.
> But what I want to do is to set the client ONLY to use kmdov3 as my
> authentication and not the Unix one. Is this possible?
No. You want "crypt" authentication, without checking /etc/passwd.
Use the "pap" module.
When you say "only to use kmdov3 as my authentication", it means you
have confused authorization and authentication. They are *very* different.
> I have been trying to use the Auth-Type attribute, but can’t figure out
> how to tell that I want to use the kmdov3 authentication type.
Don't. Don't set Auth-Type. In the default configuration, all you
need to do is:
1) configure the kmdov3 module in raddb/modules
2) list "kmdov3" in the "authorize" section *before* the "pap" module
3) authentication *will* work
Alan DeKok.
More information about the Freeradius-Users
mailing list