RADDB 2.1.7 and /etc/shadow

sbchem twise at chem.ucsb.edu
Sat May 22 20:07:00 CEST 2010


>   You need to edit raddb/sites-available/inner-tunnel, too.

sites-available or sites-enabled?  I did edit inner-tunnel in
sites-enabled as well as default.

>   See raddb/modules/passwd instead

Added the following to passwd:

unix {
        filename = /etc/shadow
        format = "*User-Name::Crypt-Password::::::"
        hashsize = 100
        ignorenislike = no
        allowmultiplekeys = no
}

and here is the output:


Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 59997, id=170, length=59
        User-Name = "test"
        User-Password = "password"
        NAS-IP-Address = 10.0.10.21
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> support
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 170 to 127.0.0.1 port 59997
Waking up in 4.9 seconds.
Cleaning up request 0 ID 170 with timestamp +6
Ready to process requests.


Alan DeKok-2 wrote:
> 
> sbchem wrote:
>> I installed a fresh copy of FreeRadius v 2.1.7 on CentOS 5. Ran radtest
>> locally as well as remotely and it works great.  Now I want to point the
>> server to my /etc/shadow file which lives on the same machine.  I have not
>> made any changes to the default config except to change the group ownership
>> of my shadow file to radiusd so the radius daemon can access it.
>> 
>> On startup here is the output:
> 
>   You need to edit raddb/sites-available/inner-tunnel, too.
> 
>> Although it looks like the unix module is being queried, it does not look
>> like the server is passing the request to the passwd module
>> 
>> The references in the default and inner-tunnel files to shadow are
>> meaningless as they refer to a section in radiusd.conf that does not
>> exist.
> 
>   See raddb/modules/passwd instead
> 
>   Alan DeKok.

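An added illustration, not part of the original post or of FreeRADIUS: assuming rlm_passwd applies `format` positionally to the colon-separated columns of each line, with `*` marking the key field and an empty entry skipping a column, this script shows which /etc/shadow column each attribute in the posted format lands on. The sample shadow line, `ALT_FORMAT` and the helper names are constructed for the example.

```python
import re

# Constructed sample line in /etc/shadow layout (not a real account or hash):
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = "test:$1$Xy4kQz0a$constructedhashvalue00:14751:0:99999:7:::"

PAGE_FORMAT = "*User-Name::Crypt-Password::::::"  # format string from the post
ALT_FORMAT = "*User-Name:Crypt-Password:::::::"   # assumption: hash taken from column 2

def map_fields(fmt, line, delimiter=":"):
    """Pair each named format field with the value in the same column."""
    names = fmt.split(delimiter)
    values = line.rstrip("\n").split(delimiter)
    mapped, key = {}, None
    for idx, name in enumerate(names):
        if not name:
            continue  # empty format entry: that column is ignored
        if name.startswith("*"):
            name = name[1:]
            key = name  # '*' marks the lookup key
        mapped[name] = values[idx] if idx < len(values) else None
    return key, mapped

def looks_like_crypt(value):
    """True for crypt(3)-style strings: $id$salt$hash or 13-character DES."""
    if not value:
        return False
    modular = re.fullmatch(r"\$[0-9a-z]+\$[./A-Za-z0-9]+\$[./A-Za-z0-9]+", value)
    des = re.fullmatch(r"[./A-Za-z0-9]{13}", value)
    return bool(modular or des)

def check_format(fmt, line):
    """Report the key attribute and whether Crypt-Password received a hash."""
    key, mapped = map_fields(fmt, line)
    pw = mapped.get("Crypt-Password")
    return {"key": key, "Crypt-Password": pw, "usable": looks_like_crypt(pw)}

if __name__ == "__main__":
    for label, fmt in (("post", PAGE_FORMAT), ("alt", ALT_FORMAT)):
        print(label, check_format(fmt, SAMPLE_SHADOW))
```

Under this positional reading, the posted format assigns the third column (the last-change day count) to Crypt-Password, while the hash sits in the second column.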