On 10/03/14 14:03, Mark Haney wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/07/14 16:00, Alan DeKok wrote:
The only thing I've changed in the config files is to add the DEFAULT Auth-Type = System at the top of the users file.
Which I don't recommend you do.
Anyawyas, debug mode shows:
++[unix] returns notfound
Which is pretty definitive.
Okay, what would recommend then? And the ++[unix] returns notfound is definitive of /what/?
rlm_unix has a flow like this: r = getpwnam(username) if not r: return NOTFOUND if not r.passwd or len(r.passwd) < 10: s = getspnam(username) if not s: return NOTFOUND passwd = s.passwd else: passwd = r.passwd So, either FreeRADIUS is getting no reply to getpwnam() or it's getting an empty or "x" value for the password hash at that stage, *then* calling getspnam() and getting no value. My NIS is rusty, but IIRC calling the getspnam() routines under NIS requires you being root? Most likely this is the problem. PAM has a suid-root helper for this; FreeRADIUS doesn't. So one possible alternative would be to use rlm_pam, and let PAM do the work of getting at the shadow data.