Dennis Skinner wrote:
Norman Zhang wrote:
How do I setup users tester-a to use /etc/shadow for authentication?
Currently I have
tester-a Auth-Type := Local, User-Password == "superuser" cisco-avpair = "shell:priv-lvl=15", Service-Type = Administrative-User
I would start by reading radiusd.conf. Look for every instance of the word "shadow" and read those comments. Then setup the unix module properly.
Make sure the user/group that radiusd runs as can read /etc/shadow.
Thanks. Changed /etc/shadow to 444 for now. Also unix { password = /etc/password group = /etc/group shadow = /etc/shadow } are uncommented in radiusd.conf
Make sure you are *only* using PAP. CHAP encrypts the password over the wire and you cannot compare crypt to crypt. One of them needs to be cleartext (this is a limitation of encryption, not FreeRADIUS). See the table here:
http://deployingradius.com/documents/protocols/compatibility.html
(you are using Unix Crypt).
pap { encryption_scheme = crypt } chap { authtype = CHAP } still fails. I guess I need to configure users. Will run radiusd -X to debug. Norman