:Restrict local users::..

Tim Sylvester tim.sylvester at networkradius.com
Fri Jun 24 07:34:11 CEST 2011


Is the "unix" module uncommented in the authorize section of your
configuration? If so, then FreeRADIUS is authenticating the users in the
/etc/password file.


        #
        #  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
        #  using the system API's to get the password.  If you want
        #  to read /etc/passwd or /etc/shadow directly, see the
        #  passwd module in radiusd.conf.
        #
#       unix

Tim

-----Original Message-----
From:
freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freeradius.or
g
[mailto:freeradius-users-bounces+tim.sylvester=networkradius.com at lists.freer
adius.org] On Behalf Of Alfonso Alejandro Reyes Jiménez
Sent: Thursday, June 23, 2011 9:30 PM
To: FreeRadius users mailing list
Subject: ..::Restrict local users::..

Hi Everyone.

we would like to know if there's a way to reject access to the local users,
that's because we discover that if you have a system account you may login
on the radius server.

I have the teory that if we use the rlm_passwd module we can reject the
access to the "local group", I search on the man rlm_passwd file and it has
examples of the configuration. The only thing that I don't understand is how
radius know which file to check.

I mean if I put a file with our group information, how can I tell radius to
check that file? I have the group file on the /etc/ and the smbpasswd
example on /etc/raddb/modules/

I've checked all the raddb directory files looking for any option without
luck.

What am I doing wrong?

Any advice will be appreciated.

Alfonso.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list