radtest seems to fail out of the box
Dan Gahlinger
dgahling at hotmail.com
Wed Nov 28 19:59:55 CET 2007
I hate hotmail.
ok, you're saying /etc/raddb/server is a PAM config file?
anyhow, I'm happy to report the single quote method fixes part of the problem.
that of the "@%%" working better now. still doesn't log in.
even using radiusd -Xsfxxx or so doesn't give any more information. -X gives the debugging I showed.
is there something else I can do to test/check why the API is failing?
Dan.
> Date: Wed, 28 Nov 2007 18:53:20 +0100
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: radtest seems to fail out of the box
>
> Dan Gahlinger wrote:
> > Ok, Al, can you explain or help with this.
> >
> > just to appease you, I unpacked free radius, out of the box,
> > changed a single line in "server" as such:
> > 127.0.0.1 testing123 3
>
> I think that's a config file for the PAM module. FreeRADIUS doesn't
> use it.
>
> > ran radtest using a testuser local account:
>
> In /etc/passwd...
>
> > Radiusd -X shows:
> ...
> > users: Matched entry DEFAULT at line 155
>
> Which is the entry setting Auth-Type = System. i.e. "check against
> /etc/passwd".
>
> > rlm_unix: [testuser]: invalid password
>
> Which is pretty definitive. FreeRADIUS just calls the standard Unix
> APIs to get the user's password from /etc/passwd or /etc/shadow, and
> then calls the standard Unix APIs to check that against what the user
> entered.
>
> It looks like the second call is causing issues. It's returning
> something, but that something doesn't match what's in /etc/passwd.
>
> If it helps, FreeRADIUS is simply at the mercy of the system APIs
> here. Are you running as root in debugging mode?
>
> > the password is valid, as a local SSH using the same information works.
>
> Ouch.
>
> > And one other oddity, when using users with "hardened" passwords like
> > say "test@"
> > radtest and radiusd -X will show the password as "test2", whether quotes
> > are used or not.
>
> That's... odd. There may be shell escaping issues, but when I test
> users like that using single quotes ( 'test@' ) in radtest && the
> "users" file, it works for me.
>
> > is this normal? and why does the radtest fail?
>
> It's not normal. radtest fails because the APIs FreeRADIUS calls
> don't seem to work.
>
> Alan DeKok.
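The reply above describes a lookup in /etc/passwd or /etc/shadow followed by a comparison, and asks whether the server runs as root. The following is an added example, not part of the original thread and not FreeRADIUS code: a small C diagnostic for the lookup half only, assuming a Linux system where getpwnam() and getspnam() are the account APIs and "x" in /etc/passwd marks a shadowed entry. The function and enum names are hypothetical.

```c
/* Added example: report what the account APIs return for a user. */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum pw_state { PW_NO_USER, PW_SHADOW_UNREADABLE, PW_LOCKED, PW_EMPTY, PW_HASH };

/* Classify a password field taken from /etc/passwd or /etc/shadow. */
enum pw_state classify_field(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return PW_EMPTY;              /* no password set */
    if (field[0] == '!' || field[0] == '*')
        return PW_LOCKED;             /* can never equal a crypt() result */
    return PW_HASH;                   /* a hash the comparison step can use */
}

/* Look the user up in passwd first, then in shadow if the entry is shadowed. */
enum pw_state lookup_state(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return PW_NO_USER;
    /* Assumption: "x" means the real hash lives in /etc/shadow. */
    if (strcmp(pw->pw_passwd, "x") != 0)
        return classify_field(pw->pw_passwd);
    struct spwd *sp = getspnam(user);
    if (sp == NULL)
        return PW_SHADOW_UNREADABLE;  /* typically: process is not root */
    return classify_field(sp->sp_pwdp);
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "no such user", "shadow entry unreadable (run as root?)",
        "account locked", "empty password", "hash available"
    };
    if (argc != 2) {
        fprintf(stderr, "usage: %s user\n", argv[0]);
        return 2;
    }
    printf("%s: %s\n", argv[1], names[lookup_state(argv[1])]);
    return 0;
}
```

Run it once as root and once as the account the RADIUS server runs under; a different answer between the two points at file permissions rather than at the password itself.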