Old school: FreeRADIUS and NIS
Mark Haney
mhaney at practichem.com
Mon Mar 10 17:23:29 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/10/14 10:33, Phil Mayers wrote:
>
> rlm_unix has a flow like this:
>
> r = getpwnam(username) if not r: return NOTFOUND if not r.passwd or
> len(r.passwd) < 10: s = getspnam(username) if not s: return
> NOTFOUND passwd = s.passwd else: passwd = r.passwd
>
> So, either FreeRADIUS is getting no reply to getpwnam() or it's
> getting an empty or "x" value for the password hash at that stage,
> *then* calling getspnam() and getting no value.
>
> My NIS is rusty, but IIRC calling the getspnam() routines under
> NIS requires you being root? Most likely this is the problem.
Le me re-iterate. Since I've installed FreeRADIUS on my NIS master, I
no longer care so much about dealing with NIS. At this stage, it's
simply a matter of getting FR and rlm_unix to see and access my local
user/pwd sitting in /etc/passwd and /etc/shadow. Surely, setting up
Fr for that is not /that/ complicated. So, forget about NIS. That is
not a problem.
So, now that I have that out of the way, it seems rlm_unix isn't able
to read /etc/shadow. I'm assuming the getspnam(username) call is
trying to read /etc/shadow? If so, how is the best way to fix this?
I read somewhere that rlm_unix didn't need to copy the password files
into a temp file with radwtmp unless there was a specific reason for
it. What exactly is that all about?
- --
Mark Haney
Network/Systems Administrator
Practichem
W: (919) 714-8428
Fedora release 20 (Heisenbug) 3.13.4-200.fc20.x86_64
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJTHeb2AAoJEM/YzwEAv6e7EtsH/1DSyXULTwGN2Y4x/lvq/5cj
OYj585upGm0gZlNTEBjDYF1eJQw+S26bIhbogiaaWElBhnNE43K0iXnlJMxC3rwJ
ZRdoT5dQHufyOAFpDrg0GvR4BsnlSUlRzckBDGdFSsEtHHUtH0UU/ajuKo8JgXxZ
4smQ1dl9dFY9A9xe7AI7MGMI76QAqTIuTREmEwfPVKl9HSsBHAFr64hzxsUc8TcE
5GEizfXQv3XvTLsYuDCPRF2SxZr5ZpLi3Yuu/GLlC6Vl88qpNHgbPVf5rKw1NVMl
OhYFHSnz+pzgyAKJBg3Np5xoV1cvDYf0wQ3Kv0i1UwP3SF4r9RvdAPNjyyzjZJc=
=mS2E
-----END PGP SIGNATURE-----
More information about the Freeradius-Users
mailing list