Old school: FreeRADIUS and NIS

Alan DeKok aland at deployingradius.com
Mon Mar 10 21:18:57 CET 2014

Arran Cudbard-Bell wrote:
> An excerpt from the Fedora list:

  It's nice to see he's getting the same answers from others.

  i.e. the problem isn't us.

>     > Thing is, based on my searching, getting FreeRADIUS to work with NIS
>     > isn't possible.  At least I've found no documentation on how to make
>     > it work.  There's tons on getting it to work with LDAP, but not NIS.
>     > Which is the reason for my OP.

  I fail to see what the problem is.  NIS is just a way of adding more
back-ends to getpwent() and getspwent().  The applications using those
function calls don't need to do anything.

  i.e. to "integrate" FreeRADIUS with NIS, you just configure NIS.
Then, use the "unix" module in FreeRADIUS, in the "authenticate"
section.  The module will do PAP checks by using getspwent() to get the
crypt'd password.

  *Where* that crypt'd password comes from is for NIS to determine.
FreeRADIUS (and the Unix module) doesn't need to do anything.

  His question amounts to "how do I get FreeRADIUS to read files from
MySQL, where MySQL is using ext4 instead of ext3".  The answer is "you
don't".  FreeRADIUS interacts with X, and X does it's magic.  What's
*behind* X doesn't matter.

  Either NIS works, and getspwent() returns something useful, or NIS
doesn't work, and getspwent() doesn't return anything.   Maybe running
FreeRADIUS as "root" will help.  But if that doesn't work, then the
problem is NIS (or something else), *not* FreeRADIUS.

  And yes, this is one of my common answers.  It's why my answers are
seen as "unhelpful".  I talk about the *cause* of the problem, not the
*symptom*.  Very often, the cause of the problem is a something external
to FreeRADIUS.  The symptom is that FreeRADIUS doesn't work the way you
want, but that's just a symptom.

  Sadly, some people *refuse* to understand this.

  Alan DeKok.

More information about the Freeradius-Users mailing list