Removing local auth (freeradius server 2.1.9)

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Jun 10 22:58:54 CEST 2010


Hi,

>   When starting radiusd -X (yes, I've looked at the output) and testing these 2 most simple accounts with radtest, the first one fails while the second one works. The difference being that there's a "mrichard" account on the box in /etc/passwd while "mrichard2" only exists in radiusd's config. Hence the output differences when calling "radtest thelogin qwerty localhost 666 testing123" (cut) :

you've massively edited the output of the debug and missed the
most important line that says 

[unix] returns updated

or somesuch - however:

>   After a bit of searching I found a reference in the ML archives to $confdir/sites-enabled/default and saw "unix" in there with the description saying it caches the hashes from /etc/passwd and its accompanying shadow. I've commented those lines and restarted the daemon. Now I get this in the PAP output for both users:

...you are on the right track. but once again, a few lines of the debug isnt enough.
there is plenty in the debug that says whats wrong etc. obviously you are editing the
right config files because its broken what was working in a different fashion before.

you need to remove unix from the 3 sections in the default file. then passwords
wont be read. but you need to ensure that files is called before pap in the authorize
section 

alan



More information about the Freeradius-Users mailing list