Controlling with Auth-Type a client must use

Alan DeKok aland at
Thu Jul 22 14:20:08 CEST 2010

Madsen.Jan JMD wrote:
> I’m using the module passwd working fine, and I have enabled unix
> authentication in my default section.

  Don't.  Use "pap".  It can do crypt authentication.

> Thu Jul 22 13:22:21 2010 : Auth: [unix] [jmd]: invalid shell [/usr/bin/bash]
> Thu Jul 22 13:22:21 2010 : Info: ++[unix] returns reject

  Which is what the Unix module does.

> But what I want to do is to set the client ONLY to use kmdov3 as my
> authentication and not the Unix one. Is this possible?

  No.  You want "crypt" authentication, without checking /etc/passwd.
Use the "pap" module.

  When you say "only to use kmdov3 as my authentication", it means you
have confused authorization and authentication.  They are *very* different.

> I have been trying to use the Auth-Type attribute, but can’t figure out
> how to tell that I want to use the kmdov3 authentication type.

  Don't.  Don't set Auth-Type.  In the default configuration, all you
need to do is:

1) configure the kmdov3 module in raddb/modules
2) list "kmdov3" in the "authorize" section *before* the "pap" module
3) authentication *will* work

  Alan DeKok.

More information about the Freeradius-Users mailing list