You need to edit raddb/sites-available/inner-tunnel, too.
sites-available or sites-enabled? I did edit inner-tunnel in sites-enabled as well as default
See raddb/modules/passwd instead
added the following to passwd: unix { filename = /etc/shadow format = "*User-Name::Crypt-Password::::::" hashsize = 100 ignorenislike = no allowmultiplekeys = no } and here is the output: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 59997, id=170, length=59 User-Name = "test" User-Password = "password" NAS-IP-Address = 10.0.10.21 NAS-Port = 0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> support attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 170 to 127.0.0.1 port 59997 Waking up in 4.9 seconds. Cleaning up request 0 ID 170 with timestamp +6 Ready to process requests. Alan DeKok-2 wrote:
sbchem wrote:
I installed a fresh copy of FreeRadius v 2.1.7 on CentOS 5. Ran radtest locally as well as remotely and it works great. Now I want to point the server to my /etc/shadow file which lives on the same machine. I have not made any changes to the default config except to change the group ownership of my shadow file to radiusd so the radius daemon can access it.
On startup here is the output:
You need to edit raddb/sites-available/inner-tunnel, too.
Although it looks like the unix module is being queried, it does not look like the server is passing the request to the passwd module
The references in the default and inner-tunnel files to shadow are meaningless as they refer to a section in radiusd.comf that does not exist.
See raddb/modules/passwd instead
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://old.nabble.com/RADDB-2.1.7-and--etc-shadow-tp28640012p28644933.html Sent from the FreeRadius - User mailing list archive at Nabble.com.