Need help

Alan DeKok aland at deployingradius.com
Fri Nov 2 14:37:47 CET 2007


Frank Winkler wrote:
> On the old server, the users were authenticated by regular /etc/passwd
> means. I got this working on the new server. As there are some new features
> in the later versions, I'd prefer to move the RADIUS users to a separate
> smbpasswd-like file but I can't get the authentication to work.

  <sigh>  See the FAQ about "it doesn't work".

> Some questions:
> 
> The old server querying itself for a /etc/passwd user:
> root at old # ./radtest frank XXX localhost 10 test123
> Sending Access-Request of id 161 to 127.0.0.1:1812
>         User-Name = "frank"
>         User-Password = "D[\326<\255h\016A\275\357"%\367\027_y"
>         NAS-IP-Address = XXX
>         NAS-Port-Id = "10"
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=161, length=20
> root at old #

  Why are you looking at the client side?  The README, INSTALL, FAQ, and
daily messages on this list say that you should run in debug mode.  What
do we have to add to the documentation to convince you that this is a
good idea?

> Why is the password displayed in plain text instead of hashed as on the old
> server?

  Because it helps with debugging.

> I'm pretty unsure about the "authtype".

  Don't set it.

 I can post debug outout of radiusd
> but it looks like it finds the user in the file but cannot authenticate the
> password.

  So... the passwords don't match?

  If you're unsure as to how the server works, it would be reasonable to
assume that you don't know enough to correctly interpret the debug output.

  Post it here.

  Alan DeKok.



More information about the Freeradius-Users mailing list