Alan DeKok wrote:
Kevin Hanser <kevin@mica.net> wrote:
So I changed my setup to run the radiusd daemon as root, and tested again. Sure enough, if radiusd is run as root, I can authenticate against the system.
Which is why the default is to run as root. See the "user" directive in radiusd.conf, and the comments above it. The only thing missing in the comments is that you might have to create a shadow group, and make /etc/shadow readable by that group.
Hmm. Wonder how I missed that :) I was changing the user to root using the user directive, but I guess I overlooked the comments directly above it that pretty much explains my question :) Thanx for pointing me to the proper place :) I was initially stumped that my system didn't have a "shadow" group, but then I re-read your message above and created one. Once I did that and restarted radiusd in the shadow group, system authentication is working great! Thx! k