-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/10/14 10:33, Phil Mayers wrote:
rlm_unix has a flow like this:
r = getpwnam(username) if not r: return NOTFOUND if not r.passwd or len(r.passwd) < 10: s = getspnam(username) if not s: return NOTFOUND passwd = s.passwd else: passwd = r.passwd
So, either FreeRADIUS is getting no reply to getpwnam() or it's getting an empty or "x" value for the password hash at that stage, *then* calling getspnam() and getting no value.
My NIS is rusty, but IIRC calling the getspnam() routines under NIS requires you being root? Most likely this is the problem.
Le me re-iterate. Since I've installed FreeRADIUS on my NIS master, I no longer care so much about dealing with NIS. At this stage, it's simply a matter of getting FR and rlm_unix to see and access my local user/pwd sitting in /etc/passwd and /etc/shadow. Surely, setting up Fr for that is not /that/ complicated. So, forget about NIS. That is not a problem. So, now that I have that out of the way, it seems rlm_unix isn't able to read /etc/shadow. I'm assuming the getspnam(username) call is trying to read /etc/shadow? If so, how is the best way to fix this? I read somewhere that rlm_unix didn't need to copy the password files into a temp file with radwtmp unless there was a specific reason for it. What exactly is that all about? - -- Mark Haney Network/Systems Administrator Practichem W: (919) 714-8428 Fedora release 20 (Heisenbug) 3.13.4-200.fc20.x86_64 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTHeb2AAoJEM/YzwEAv6e7EtsH/1DSyXULTwGN2Y4x/lvq/5cj OYj585upGm0gZlNTEBjDYF1eJQw+S26bIhbogiaaWElBhnNE43K0iXnlJMxC3rwJ ZRdoT5dQHufyOAFpDrg0GvR4BsnlSUlRzckBDGdFSsEtHHUtH0UU/ajuKo8JgXxZ 4smQ1dl9dFY9A9xe7AI7MGMI76QAqTIuTREmEwfPVKl9HSsBHAFr64hzxsUc8TcE 5GEizfXQv3XvTLsYuDCPRF2SxZr5ZpLi3Yuu/GLlC6Vl88qpNHgbPVf5rKw1NVMl OhYFHSnz+pzgyAKJBg3Np5xoV1cvDYf0wQ3Kv0i1UwP3SF4r9RvdAPNjyyzjZJc= =mS2E -----END PGP SIGNATURE-----