Hi, I've read the freeradius-users achives and found that other people have problems when using Freeradius on an OS which uses a shadow password file. I too have encountered such problems and have found why this problem occurs but require assistance to fix. Here's a recap of the problem: Auth-Type = Local works fine but Auth-Type = System does not. OS: FreeBSD 6.0 running Freeradius-1.1.1 installed from ports collection users file contents: DEFAULT Auth-Type = System Reply-Message = "System password works" Running radiusd -X produces (see below for greater detail) rlm_unix: [test]: invalid password but I know 100% that the password is correct. What appears to be happening (determined from hours of frustrating testing) is Freeradius (rlm_unix) is looking for the users passwords in the /etc/passwd file but my /etc/passwd file doesn't contain any passwords: test:*:1003:1003:Test User:/home/test:/bin/sh my /etc/master.passwd file does: test:$1$RlHYm4Ca$QhlYcYV7BqIjTF.UQ4pTX/:1003:1003::0:0:Test User:/home/test:/bin/sh if I copy the encrypted password from /etc/master.passwd and replace the "*" in /etc/passwd I can successfully authenticate via Auth-Type = System Login OK: [test] (from client localhost port 0) (more detail below) ******* So my question is what do I need to do so I don't have to manually replace the "*" in /etc/passwd with the encrypted password from /etc/master.passwd for every user I enter in the system? ******* TIA, Shane Output of radiusd -X when /etc/passwd contains "*" for password rad_recv: Access-Request packet from host 127.0.0.1:52869, id=153, length=53 User-Name = "test" User-Password = "test" NAS-IP-Address = 127.0.0.1 NAS-Port-Id = "0" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 688 modcall[authorize]: module "preprocess" returns ok for request 688 radius_xlat: '/var/log/radacct/127.0.0.1/auth-detail-20060531' rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/127.0.0.1/auth-detail-20060531 modcall[authorize]: module "auth_log" returns ok for request 688 modcall[authorize]: module "chap" returns noop for request 688 modcall[authorize]: module "mschap" returns noop for request 688 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 688 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 688 users: Matched entry DEFAULT at line 13 modcall[authorize]: module "files" returns ok for request 688 modcall: leaving group authorize (returns ok) for request 688 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 688 rlm_unix: [test]: invalid password modcall[authenticate]: module "unix" returns reject for request 688 modcall: leaving group authenticate (returns reject) for request 688 auth: Failed to validate the user. Login incorrect: [test/test] (from client localhost port 0) Delaying request 688 for 1 seconds Finished request 688 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 153 to 127.0.0.1 port 52869 Reply-Message = "System password works" Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 688 ID 153 with timestamp 447e1534 Nothing to do. Sleeping until we see a request. Output of radiusd -X when /etc/passwd contains encrypted password instead of "*" rad_recv: Access-Request packet from host 127.0.0.1:55703, id=181, length=53 User-Name = "test" User-Password = "test" NAS-IP-Address = 127.0.0.1 NAS-Port-Id = "0" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radacct/127.0.0.1/auth-detail-20060531' rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/127.0.0.1/auth-detail-20060531 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 13 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns ok for request 0 modcall: leaving group authenticate (returns ok) for request 0 radius_xlat: 'System password works' Login OK: [test] (from client localhost port 0) Sending Access-Accept of id 181 to 127.0.0.1 port 55703 Reply-Message = "System password works" Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 181 with timestamp 447e1744 Nothing to do. Sleeping until we see a request.