User /etc/shadow for Authentication

Dennis Skinner dskinner at bluefrog.com
Wed Apr 25 01:04:17 CEST 2007


Norman Zhang wrote:
> How do I set up users tester-a to use /etc/shadow for authentication?
> 
> Currently I have
> 
> tester-a  Auth-Type := Local, User-Password == "superuser"
>       cisco-avpair = "shell:priv-lvl=15",
>       Service-Type = Administrative-User

I would start by reading radiusd.conf.  Look for every instance of the
word "shadow" and read those comments.  Then set up the unix module properly.

Make sure the user/group that radiusd runs as can read /etc/shadow.

Make sure you are *only* using PAP.  CHAP encrypts the password over the
wire and you cannot compare crypt to crypt.  One of them needs to be
cleartext (this is a limitation of encryption, not FreeRADIUS).  See the
table here:

http://deployingradius.com/documents/protocols/compatibility.html

(you are using Unix Crypt).

Make sure you have the unix module referenced in the *authorize* section
at the bottom of the conf file.

Oh, and obviously you'll want to remove (or at least change) that entry
in the users file.

Run the server in debug mode (radiusd -X) and test.

I've never tried to use /etc/shadow myself, but the comments in the
config file should get you 90% there.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
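
Added example, not part of the original post: a short Python sketch of why a one-way hash such as the one in /etc/shadow can be checked against a PAP request but not against a CHAP response. Assumptions: `shadow_hash` is a PBKDF2 stand-in for crypt(3), not the real shadow format; the shared secret, salt and function names are constructed; the password is the sample from the question.

```python
import hashlib, hmac, os

def shadow_hash(password: bytes, salt: bytes) -> bytes:
    # Stand-in for crypt(3) (assumption): any salted one-way hash behaves the same here.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 1000)

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block).
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # The server reverses the XOR and ends up holding the cleartext password.
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994: MD5(identifier + password + challenge), computed by the client.
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def server_check_pap(stored, salt, hidden, secret, authenticator) -> bool:
    # Cleartext from the request is hashed and compared with the stored hash.
    candidate = shadow_hash(pap_recover(hidden, secret, authenticator), salt)
    return hmac.compare_digest(candidate, stored)

def server_check_chap(stored, ident, challenge, response) -> bool:
    # The server has only the one-way hash; putting it where the cleartext
    # belongs is the best it can do, and that never reproduces the response.
    return hmac.compare_digest(chap_response(ident, stored, challenge), response)

def demo():
    secret, salt = b"testing123", b"constructed-salt"    # constructed values
    password = b"superuser"                               # sample from the question
    stored = shadow_hash(password, salt)                  # all the server keeps
    auth, challenge = os.urandom(16), os.urandom(16)
    pap_ok = server_check_pap(stored, salt, pap_hide(password, secret, auth), secret, auth)
    chap_ok = server_check_chap(stored, 7, challenge, chap_response(7, password, challenge))
    return pap_ok, chap_ok

if __name__ == "__main__":
    print(demo())
```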


