rlm_unix cannot find users (2.1.0)
Alan DeKok
aland at deployingradius.com
Thu Sep 25 08:48:25 CEST 2008
Martin Pauly wrote:
> I have a large set of users handled by LDAP, and a small group (admins with
> only a few logins) that I used to handle by setting up a bunch of local
> unix accounts and doing Auth-Type := System. So my users file looks like

Auth-Type := System has been deprecated in 2.x. It's not needed.
Just list "unix" in the "authorize" section, and the server will figure
it out.

> In sites-available/default, I have 'unix' in both the authorize and authenticate
> section. The debug output upon a request reads:
...
> ++[unix] returns notfound

OK...

> [ the whole thing is sent to LDAP for authorization now which succeeds, but could perhaps be avoided anyway]

? What do you mean by that?

> So to me it looks like rlm_unix can't find me :-(

The module just calls the system APIs to get the passwd file entry
for the user. If the system returns notfound, so does the module.

> I've read about rlm_passwd, but I don't need any caching
> or the like. Oh, and user freerad is in group shadow. But
> as I understand it, this is no longer relevant for my case
> since rlm_unix uses getpwent which is supposed to handle
> access to /etc/shadow, right?

No. getpwent still depends on the calling application having
permission to read /etc/shadow.

Alan DeKok.
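
A small diagnostic for the situation discussed in this message, added here as an example and not taken from FreeRADIUS or from the post: run as the account the server runs under, it makes the standard libc account and shadow lookups for one user and reports which of them fails. The helper name `check_user`, the result codes and the use of `getpwnam()`/`getspnam()` are assumptions of this example.

```c
/* Added example, not FreeRADIUS source code. */
#include <errno.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum lookup_result {
    LOOKUP_OK = 0,        /* passwd and shadow entries both readable */
    LOOKUP_NO_PASSWD = 1, /* the system has no account entry for the name */
    LOOKUP_NO_SHADOW = 2  /* account exists, shadow entry not readable */
};

/* Hypothetical helper: look the user up the way any libc caller would.
 * On failure *err receives errno from the call that failed. */
enum lookup_result check_user(const char *name, int *err)
{
    *err = 0;

    errno = 0;
    if (getpwnam(name) == NULL) {      /* account database lookup */
        *err = errno;
        return LOOKUP_NO_PASSWD;
    }

    errno = 0;
    if (getspnam(name) == NULL) {      /* needs read access to /etc/shadow */
        *err = errno;                  /* EACCES: caller lacks permission */
        return LOOKUP_NO_SHADOW;
    }
    return LOOKUP_OK;
}

int main(int argc, char **argv)
{
    static const char *msg[] = { "passwd and shadow entries readable",
        "no passwd entry", "passwd entry found, shadow entry not readable" };
    int err;

    if (argc != 2) {
        fprintf(stderr, "usage: %s username\n", argv[0]);
        return 64;
    }
    enum lookup_result r = check_user(argv[1], &err);
    printf("euid=%ld user=%s: %s", (long)geteuid(), argv[1], msg[r]);
    printf(err ? " (%s)\n" : "\n", strerror(err));
    return (int)r;
}
```

Comparing the output when run as root with the output when run as the server's account shows whether a failed lookup comes from a missing entry or from the permissions of the calling process.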