Old school: FreeRADIUS and NIS

Mark Haney mhaney at practichem.com
Mon Mar 10 17:23:29 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 03/10/14 10:33, Phil Mayers wrote:

> 
> rlm_unix has a flow like this:
> 
> r = getpwnam(username) if not r: return NOTFOUND if not r.passwd or
> len(r.passwd) < 10: s = getspnam(username) if not s: return
> NOTFOUND passwd = s.passwd else: passwd = r.passwd
> 
> So, either FreeRADIUS is getting no reply to getpwnam() or it's
> getting an empty or "x" value for the password hash at that stage,
> *then* calling getspnam() and getting no value.
> 
> My NIS is rusty, but IIRC calling the getspnam() routines under
> NIS requires you being root? Most likely this is the problem.

Le me re-iterate.  Since I've installed FreeRADIUS on my NIS master, I
no longer care so much about dealing with NIS.  At this stage, it's
simply a matter of getting FR and rlm_unix to see and access my local
user/pwd sitting in /etc/passwd and /etc/shadow.  Surely, setting up
Fr for that is not /that/ complicated.  So, forget about NIS.  That is
not a problem.

So, now that I have that out of the way, it seems rlm_unix isn't able
to read /etc/shadow.  I'm assuming the getspnam(username) call is
trying to read /etc/shadow?  If so, how is the best way to fix this?
I read somewhere that rlm_unix didn't need to copy the password files
into a temp file with radwtmp unless there was a specific reason for
it.  What exactly is that all about?


- -- 
Mark Haney
Network/Systems Administrator
Practichem
W: (919) 714-8428
Fedora release 20 (Heisenbug) 3.13.4-200.fc20.x86_64
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTHeb2AAoJEM/YzwEAv6e7EtsH/1DSyXULTwGN2Y4x/lvq/5cj
OYj585upGm0gZlNTEBjDYF1eJQw+S26bIhbogiaaWElBhnNE43K0iXnlJMxC3rwJ
ZRdoT5dQHufyOAFpDrg0GvR4BsnlSUlRzckBDGdFSsEtHHUtH0UU/ajuKo8JgXxZ
4smQ1dl9dFY9A9xe7AI7MGMI76QAqTIuTREmEwfPVKl9HSsBHAFr64hzxsUc8TcE
5GEizfXQv3XvTLsYuDCPRF2SxZr5ZpLi3Yuu/GLlC6Vl88qpNHgbPVf5rKw1NVMl
OhYFHSnz+pzgyAKJBg3Np5xoV1cvDYf0wQ3Kv0i1UwP3SF4r9RvdAPNjyyzjZJc=
=mS2E
-----END PGP SIGNATURE-----



More information about the Freeradius-Users mailing list