User /etc/shadow for Authentication

Norman Zhang norman.zhang at
Wed Apr 25 02:17:04 CEST 2007

Dennis Skinner wrote:
> Norman Zhang wrote:
>> How do I setup users tester-a to use /etc/shadow for authentication?
>> Currently I have
>> tester-a  Auth-Type := Local, User-Password == "superuser"
>>       cisco-avpair = "shell:priv-lvl=15",
>>       Service-Type = Administrative-User
> I would start by reading radiusd.conf.  Look for every instance of the
> word "shadow" and read those comments.  Then setup the unix module properly.
> Make sure the user/group that radiusd runs as can read /etc/shadow.

Thanks. Changed /etc/shadow to 444 for now. Also

unix {
	password = /etc/password
	group = /etc/group
	shadow = /etc/shadow

are uncommented in radiusd.conf

> Make sure you are *only* using PAP.  CHAP encrypts the password over the
> wire and you cannot compare crypt to crypt.  One of them needs to be
> cleartext (this is a limitation of encryption, not FreeRADIUS).  See the
> table here:
> (you are using Unix Crypt).

pap {
	encryption_scheme = crypt

chap {
	authtype = CHAP

still fails. I guess I need to configure users. Will run radiusd -X to 


More information about the Freeradius-Users mailing list