OK, let's change the config to enable shadow passwords and caching passwords
*************************
# allowed values: {no, yes}
cache = yes

# Reload the cache every 600 seconds (10mins). 0 to disable.
cache_reload = 600

#
# Define the locations of the normal passwd, shadow, and
# group files.
#
# 'shadow' is commented out by default, because not all
# systems have shadow passwords.
#
passwd = /etc/passwd
shadow = /etc/shadow
group = /etc/group
*************************

radiusd -X

**************************
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: //etc/raddb/clients.conf
Config: including file: //etc/raddb/snmp.conf
Config: including file: //etc/raddb/sql.conf
main: prefix = "/"
main: localstatedir = "//var"
main: logdir = "/var/log/radiusd-freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radiusd-freeradius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = no
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "//var/run/radiusd/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded System
unix: cache = yes
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radiusd-freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
HASH: Reinitializing hash structures and lists for caching...
HASH: user root found in hashtable bucket 11726
HASH: user daemon found in hashtable bucket 11668
HASH: user bin found in hashtable bucket 86651
HASH: user sys found in hashtable bucket 64201
HASH: user sync found in hashtable bucket 42895
HASH: user games found in hashtable bucket 47657
HASH: user man found in hashtable bucket 50534
HASH: user lp found in hashtable bucket 54068
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user proxy found in hashtable bucket 7806
HASH: user majordom found in hashtable bucket 55433
HASH: user postgres found in hashtable bucket 19301
HASH: user www-data found in hashtable bucket 84448
HASH: user backup found in hashtable bucket 3418
HASH: user msql found in hashtable bucket 14409
HASH: user operator found in hashtable bucket 21748
HASH: user list found in hashtable bucket 91138
HASH: user irc found in hashtable bucket 2346
HASH: user gnats found in hashtable bucket 75017
HASH: user nobody found in hashtable bucket 99723
HASH: user andrewt found in hashtable bucket 53363
HASH: user marine found in hashtable bucket 64462
HASH: user ntop found in hashtable bucket 51851
HASH: user freerad found in hashtable bucket 13457
HASH: user mervynj found in hashtable bucket 75613
HASH: user radtest found in hashtable bucket 16015
HASH: user Administrator found in hashtable bucket 86869
HASH: Stored 29 entries from /etc/passwd
HASH: Stored 45 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "//etc/raddb/huntgroups"
preprocess: hints = "//etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "//etc/raddb/users"
files: acctusersfile = "//etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radiusd-freeradius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radiusd-freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
*****************************

Let's run radtest:

****************************
sat:/usr/lib/freeradius# radtest radtest radpass 127.0.0.1 1 testing123 3
Sending Access-Request of id 63 to 127.0.0.1:1812
    User-Name = "radtest"
    Password = "X\236\201\325\317\305\331\251\364\364A>A\020\217\215"
    NAS-IP-Address = sat
    NAS-Port-Id = "1"
    Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=63, length=50
    Framed-IP-Address = 255.255.255.254
    Framed-MTU = 576
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-Compression = Van-Jacobson-TCP-IP
****************************

I'll be damned, it worked!

****************************
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=63, length=62
    User-Name = "radtest"
    Password = "X\236\201\325\317\305\331\251\364\364A>A\020\217\215"
    NAS-IP-Address = 255.255.255.255
    NAS-Port-Id = "1"
    Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 144
users: Matched DEFAULT at 163
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
HASH: user radtest found in hashtable bucket 16015
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 63 to 127.0.0.1:1028
    Framed-IP-Address = 255.255.255.254
    Framed-MTU = 576
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Cleaning up request 0 ID 63 with timestamp 3c741fb2
Nothing to do. Sleeping until we see a request.
***********************************

Let's try it with the wrong password

***********************************
sat:/usr/lib/freeradius# radtest radtest NOTradpass 127.0.0.1 1 testing123 3
Sending Access-Request of id 98 to 127.0.0.1:1812
    User-Name = "radtest"
    Password = "\226\231]k\252\376\371q\323\222IrB\2678\372"
    NAS-IP-Address = sat
    NAS-Port-Id = "1"
    Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=98, length=20
sat:/usr/lib/freeradius#
**********************************
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=98, length=62
    User-Name = "radtest"
    Password = "\226\231]k\252\376\371q\323\222IrB\2678\372"
    NAS-IP-Address = 255.255.255.255
    NAS-Port-Id = "1"
    Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 144
users: Matched DEFAULT at 163
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_users : Time to refresh cache.
HASH: user root found in hashtable bucket 11726
HASH: user daemon found in hashtable bucket 11668
HASH: user bin found in hashtable bucket 86651
HASH: user sys found in hashtable bucket 64201
HASH: user sync found in hashtable bucket 42895
HASH: user games found in hashtable bucket 47657
HASH: user man found in hashtable bucket 50534
HASH: user lp found in hashtable bucket 54068
HASH: user mail found in hashtable bucket 79471
HASH: user news found in hashtable bucket 5375
HASH: user uucp found in hashtable bucket 38541
HASH: user proxy found in hashtable bucket 7806
HASH: user majordom found in hashtable bucket 55433
HASH: user postgres found in hashtable bucket 19301
HASH: user www-data found in hashtable bucket 84448
HASH: user backup found in hashtable bucket 3418
HASH: user msql found in hashtable bucket 14409
HASH: user operator found in hashtable bucket 21748
HASH: user list found in hashtable bucket 91138
HASH: user irc found in hashtable bucket 2346
HASH: user gnats found in hashtable bucket 75017
HASH: user nobody found in hashtable bucket 99723
HASH: user andrewt found in hashtable bucket 53363
HASH: user marine found in hashtable bucket 64462
HASH: user ntop found in hashtable bucket 51851
HASH: user freerad found in hashtable bucket 13457
HASH: user mervynj found in hashtable bucket 75613
HASH: user radtest found in hashtable bucket 16015
HASH: user Administrator found in hashtable bucket 86869
HASH: Stored 29 entries from /etc/passwd
HASH: Stored 45 entries from /etc/group
HASH: user radtest found in hashtable bucket 16015
modcall[authenticate]: module "unix" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Sending Access-Reject of id 98 to 127.0.0.1:1028
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 98 with timestamp 3c742166
Nothing to do. Sleeping until we see a request.
*******************************

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St
Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing."
Agent Smith - The Matrix

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 2:58 AM
Subject: Re: Configuring to use shadow passwords

> "Andrew Tait" <[EMAIL PROTECTED]> wrote:
> > I have set up freeradius on another server (actually it was still set up from
> > our previous testing).
> ...
> > The only thing I noticed was:
>
> > Module: Loaded System
> > unix: cache = no
>
> I'm not sure that the non-caching code in rlm_unix has been well
> tested. Enable the caching, and it may work.
>
> If so, then there's a bug in the non-caching code.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
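
Added example (not part of the original message and not FreeRADIUS code): a small Python parser for the radiusd -X debug lines shown above, pairing each Access-Request with its Auth-Type, the authenticate module's result and the reply sent, so a config change such as cache = yes can be checked against both the right and the wrong password. The function name summarize and the sample log are constructed for illustration; it assumes requests are handled one at a time, as in the debug run above.

```python
import re

# Patterns for the radiusd -X debug lines shown in this thread.
RECV = re.compile(r"rad_recv: Access-Request packet from host ([\d.]+):\d+, id=(\d+)")
USER = re.compile(r'^\s*User-Name = "([^"]*)"')
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
MODULE = re.compile(r'modcall\[authenticate\]: module "([^"]+)" returns (\w+)')
REPLY = re.compile(r"Sending Access-(Accept|Reject) of id (\d+)")

def summarize(log_text):
    """Return one dict per Access-Request found in the debug output.

    Assumption: requests are processed sequentially (single debug run),
    so every line belongs to the most recent rad_recv.
    """
    requests, cur = [], None
    for line in log_text.splitlines():
        if m := RECV.search(line):
            cur = {"id": int(m.group(2)), "client": m.group(1), "user": None,
                   "auth_type": None, "module": None, "result": None,
                   "reply": None}  # reply stays None if no answer was sent
            requests.append(cur)
        elif cur is None:
            continue  # startup output before the first request
        elif (m := USER.search(line)) and cur["user"] is None:
            cur["user"] = m.group(1)
        elif m := AUTH_TYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := MODULE.search(line):
            cur["module"], cur["result"] = m.group(1), m.group(2)
        elif (m := REPLY.search(line)) and int(m.group(2)) == cur["id"]:
            cur["reply"] = m.group(1)
    return requests

# Constructed sample, modelled on the two radtest runs in this message.
SAMPLE = """\
unix: cache = yes
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=63, length=62
    User-Name = "radtest"
rad_check_password:  Found Auth-Type System
modcall[authenticate]: module "unix" returns ok
Sending Access-Accept of id 63 to 127.0.0.1:1028
rad_recv: Access-Request packet from host 127.0.0.1:1028, id=98, length=62
    User-Name = "radtest"
rad_check_password:  Found Auth-Type System
modcall[authenticate]: module "unix" returns reject
Sending Access-Reject of id 98 to 127.0.0.1:1028
"""

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["id"], r["user"], r["auth_type"], r["module"], r["result"], r["reply"])
```

A request whose reply field is still None after parsing never received an answer in the captured output, which is worth checking separately from an explicit reject.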