freeradius using linux user passwd

Alan DeKok aland at deployingradius.com
Wed Jul 10 14:45:25 CEST 2013


Julian Macassey wrote:
> 	It does when it is all in the 'users' file, in fact, when
> I put my username and password in the users file, my laptop and
> smartphone authenticate and connect to the WiFi. 

  That's good.

> 	But, I want to get that info from /etc/password. I note
> from looking around that there used to be (Version 1?) an
> Auth-Type= System that did just that. 

  As has been said, that won't work.  So don't do it.

>>   Read raddb/sites-available/inner-tunnel.  It describes how to get the
>> "inner-tunnel" portion working.
> 
> 	I have that working and tested via radtest using the
> protocols noted in the radtest man page (-t pap/chap/mschap/eap-md5)

  Not for /etc/passwd.  Because it's impossible.

> 	What I do see is:
> 
> # Executing section authorize from file
> # /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "evergreen", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> 
> --------
> 
> So, doing the obvious and fixing proxy.conf to:
> 
> realm NULL {

  Don't do that.  It's not needed.

>         authhost        = localhost:1600
>         accthost        = localhost:1601

  Where did you get these values from?

> My output now looks like:
...
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 15 with timestamp +4
> Marking home server 127.0.0.1 port 1600 as zombie (it looks like
> it is dead).

  So... you don't have a RADIUS server running on localhost, port 1600.
Why then did you configure it to proxy requests to there?

  It looks like you're trying random things in the hope that something
will magically start working.  Well, it won't.  You need to understand
what's going on.  Proxying packets to a server that doesn't exist shows
you're not understanding it.

> 	So... Works with the users file, doesn't work when I try
> to get it to use /etc/passwd

  Because (among other things), it's impossible to do PEAP / MSCHAP with
/etc/passwd.  So don't try.

   And undo your changes for the NULL realm.  They're not necessary.
They're causing *additional* problems.

  Alan DeKok.

