User /etc/shadow for Authentication
norman.zhang at gmail.com
Wed Apr 25 02:17:04 CEST 2007
Dennis Skinner wrote:
> Norman Zhang wrote:
>> How do I setup users tester-a to use /etc/shadow for authentication?
>> Currently I have
>> tester-a Auth-Type := Local, User-Password == "superuser"
>> cisco-avpair = "shell:priv-lvl=15",
>> Service-Type = Administrative-User
> I would start by reading radiusd.conf. Look for every instance of the
> word "shadow" and read those comments. Then setup the unix module properly.
> Make sure the user/group that radiusd runs as can read /etc/shadow.
Thanks. Changed /etc/shadow to 444 for now. Also
password = /etc/password
group = /etc/group
shadow = /etc/shadow
are uncommented in radiusd.conf
> Make sure you are *only* using PAP. CHAP encrypts the password over the
> wire and you cannot compare crypt to crypt. One of them needs to be
> cleartext (this is a limitation of encryption, not FreeRADIUS). See the
> table here:
> (you are using Unix Crypt).
encryption_scheme = crypt
authtype = CHAP
still fails. I guess I need to configure users. Will run radiusd -X to
More information about the Freeradius-Users