Re: Configuring to use shadow passwords

Andrew Tait Wed, 20 Feb 2002 14:45:02 -0800

OK, lets change the config to enable shadow passwords and caching passwords

*************************
                # allowed values: {no, yes}
                cache = yes
                # Reload the cache every 600 seconds (10mins). 0 to disable.
                cache_reload = 600

                #
                #  Define the locations of the normal passwd, shadow, and
                #  group files.
                #
                #  'shadow' is commented out by default, because not all
                #  systems have shadow passwords.
                #
                passwd = /etc/passwd
                shadow = /etc/shadow
                group = /etc/group
*************************

radiusd -X

**************************
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: //etc/raddb/clients.conf
Config:   including file: //etc/raddb/snmp.conf
Config:   including file: //etc/raddb/sql.conf
 main: prefix = "/"
 main: localstatedir = "//var"
 main: logdir = "/var/log/radiusd-freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/radiusd-freeradius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = "//var/run/radiusd/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = yes
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/var/log/radiusd-freeradius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH:  Reinitializing hash structures and lists for caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user daemon found in hashtable bucket 11668
  HASH:  user bin found in hashtable bucket 86651
  HASH:  user sys found in hashtable bucket 64201
  HASH:  user sync found in hashtable bucket 42895
  HASH:  user games found in hashtable bucket 47657
  HASH:  user man found in hashtable bucket 50534
  HASH:  user lp found in hashtable bucket 54068
  HASH:  user mail found in hashtable bucket 79471
  HASH:  user news found in hashtable bucket 5375
  HASH:  user uucp found in hashtable bucket 38541
  HASH:  user proxy found in hashtable bucket 7806
  HASH:  user majordom found in hashtable bucket 55433
  HASH:  user postgres found in hashtable bucket 19301
  HASH:  user www-data found in hashtable bucket 84448
  HASH:  user backup found in hashtable bucket 3418
  HASH:  user msql found in hashtable bucket 14409
  HASH:  user operator found in hashtable bucket 21748
  HASH:  user list found in hashtable bucket 91138
  HASH:  user irc found in hashtable bucket 2346
  HASH:  user gnats found in hashtable bucket 75017
  HASH:  user nobody found in hashtable bucket 99723
  HASH:  user andrewt found in hashtable bucket 53363
  HASH:  user marine found in hashtable bucket 64462
  HASH:  user ntop found in hashtable bucket 51851
  HASH:  user freerad found in hashtable bucket 13457
  HASH:  user mervynj found in hashtable bucket 75613
  HASH:  user radtest found in hashtable bucket 16015
  HASH:  user Administrator found in hashtable bucket 86869
HASH:  Stored 29 entries from /etc/passwd
HASH:  Stored 45 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
 preprocess: huntgroups = "//etc/raddb/huntgroups"
 preprocess: hints = "//etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "//etc/raddb/users"
 files: acctusersfile = "//etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile =
"/var/log/radiusd-freeradius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radiusd-freeradius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
 main: smux_password = ""
 main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
*****************************

Lets run radtest:

****************************

sat:/usr/lib/freeradius# radtest radtest radpass 127.0.0.1 1 testing123 3

Sending Access-Request of id 63 to 127.0.0.1:1812
        User-Name = "radtest"
        Password = "X\236\201\325\317\305\331\251\364\364A>A\020\217\215"
        NAS-IP-Address = sat
        NAS-Port-Id = "1"
        Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=63, length=50
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP

****************************
I'll be damned, it worked!

****************************

rad_recv: Access-Request packet from host 127.0.0.1:1028, id=63, length=62
        User-Name = "radtest"
        Password = "X\236\201\325\317\305\331\251\364\364A>A\020\217\215"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "1"
        Framed-Protocol = PPP
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
    users: Matched DEFAULT at 144
    users: Matched DEFAULT at 163
    users: Matched DEFAULT at 175
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  HASH:  user radtest found in hashtable bucket 16015
  modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 63 to 127.0.0.1:1028
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Cleaning up request 0 ID 63 with timestamp 3c741fb2
Nothing to do.  Sleeping until we see a request.

***********************************

Lets try it with the wrong password

***********************************

sat:/usr/lib/freeradius# radtest radtest NOTradpass 127.0.0.1 1 testing123 3
Sending Access-Request of id 98 to 127.0.0.1:1812
        User-Name = "radtest"
        Password = "\226\231]k\252\376\371q\323\222IrB\2678\372"
        NAS-IP-Address = sat
        NAS-Port-Id = "1"
        Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=98, length=20
sat:/usr/lib/freeradius#

**********************************

rad_recv: Access-Request packet from host 127.0.0.1:1028, id=98, length=62
        User-Name = "radtest"
        Password = "\226\231]k\252\376\371q\323\222IrB\2678\372"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "1"
        Framed-Protocol = PPP
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
    users: Matched DEFAULT at 144
    users: Matched DEFAULT at 163
    users: Matched DEFAULT at 175
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_users : Time to refresh cache.
  HASH:  user root found in hashtable bucket 11726
  HASH:  user daemon found in hashtable bucket 11668
  HASH:  user bin found in hashtable bucket 86651
  HASH:  user sys found in hashtable bucket 64201
  HASH:  user sync found in hashtable bucket 42895
  HASH:  user games found in hashtable bucket 47657
  HASH:  user man found in hashtable bucket 50534
  HASH:  user lp found in hashtable bucket 54068
  HASH:  user mail found in hashtable bucket 79471
  HASH:  user news found in hashtable bucket 5375
  HASH:  user uucp found in hashtable bucket 38541
  HASH:  user proxy found in hashtable bucket 7806
  HASH:  user majordom found in hashtable bucket 55433
  HASH:  user postgres found in hashtable bucket 19301
  HASH:  user www-data found in hashtable bucket 84448
  HASH:  user backup found in hashtable bucket 3418
  HASH:  user msql found in hashtable bucket 14409
  HASH:  user operator found in hashtable bucket 21748
  HASH:  user list found in hashtable bucket 91138
  HASH:  user irc found in hashtable bucket 2346
  HASH:  user gnats found in hashtable bucket 75017
  HASH:  user nobody found in hashtable bucket 99723
  HASH:  user andrewt found in hashtable bucket 53363
  HASH:  user marine found in hashtable bucket 64462
  HASH:  user ntop found in hashtable bucket 51851
  HASH:  user freerad found in hashtable bucket 13457
  HASH:  user mervynj found in hashtable bucket 75613
  HASH:  user radtest found in hashtable bucket 16015
  HASH:  user Administrator found in hashtable bucket 86869
HASH:  Stored 29 entries from /etc/passwd
HASH:  Stored 45 entries from /etc/group
  HASH:  user radtest found in hashtable bucket 16015
  modcall[authenticate]: module "unix" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Sending Access-Reject of id 98 to 127.0.0.1:1028
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 98 with timestamp 3c742166
Nothing to do.  Sleeping until we see a request.

*******************************

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 2:58 AM
Subject: Re: Configuring to use shadow passwords

> "Andrew Tait" <[EMAIL PROTECTED]> wrote:
> > I have setup freeradius on another server (actually it was still setup
from
> > our previous testing).
> ...
>
>   The only thing I noticed was:
>
> > Module: Loaded System
> >  unix: cache = no
>
>   I'm not sure that the non-caching code in rlm_unix has been well
> tested.  Enable the caching, and it may work.
>
>   If so, then that there's a bug in the non-caching code.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Configuring to use shadow passwords

Reply via email to