Any comments are most welcome, I'm still learning :)

I have FreeRADIUS running on FreeBSD 4.6.2, and OpenBSD as a client
(still in a test environment)

vi /usr/local/radius/etc/raddb/users
add the following:

<userid1>   Auth-Type := Local, User-Password == "<password>"

vi /usr/local/radius/etc/raddb/clients.conf
client <client IP> {                         <<< My OpenBSD IP address
         secret          = <Shared key>  <<< must match the <shared key> in /etc/raddb/servers
         shortname       = <name_of_server>
}


On the OpenBSD server:
vi /etc/login.conf
add the following:
<New_Login_Class>:\
         :requirehome@:\
         :auth=radius:\
         :radius-server=<IP address of radius-server>:\
         :radius-timeout=1:\
         :radius-retries=5:

add the following as root
useradd -m -d /home/<userid1> -c "test radius user" -s /bin/ksh -u 10000 -L <New_Login_Class> <userid1>

mkdir -m 755 /etc/raddb
echo "<ip radius server> <shared key>" > /etc/raddb/servers
chmod 400 /etc/raddb/servers

On Wednesday, September 18, 2002, at 03:47 AM, Gian-Carlo Baldarelli wrote:

> I need only system authentication and as I read in the conf
>
> - I comment out in radius.conf
>
> #  for some systems, like FreeBSD.
>                 #
>                 #passwd = /etc/passwd
>                 #       shadow = /etc/shadow
>                 group = /etc/group
>
> - Radius is running under nobody:nobody
>
> output:
> ...
>  rad_check_password:  Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [remadmin]: invalid password
>   modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
>
> ..
>
> Where is the problem ?
> The password is correct, the user can log on locally
> Has this user to be part of a particular group ?
> Where I do configure the group that has the authorizations ???
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Artur Hecker
> Sent: Tuesday, 17 September 2002 15.55
> To: [EMAIL PROTECTED]
> Subject: Re: R: R: radius.conf
>
>
> hi
>
>> Here is my user in /etc/passwd
>>
>> demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet
>>
>> until now the user config file, is the user.sample with no change
>
> can you login locally with the password you used? does radius read both
> /etc/passwd AND /etc/shadow? i can't see it in the log since you
> truncated it.
>
>
>> rlm_unix: [demo]: invalid password
>>   modcall[authenticate]: module "unix" returns reject
>> modcall: group authenticate returns reject
>> auth: Failed to validate the user.
>
>
> ciao
> artur
>
>
> --
> Artur Hecker                               Groupe Accès et Mobilité
> hecker[at]enst[dot]fr           Département Informatique et Réseaux
> +33 1 45 81 7507              46, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.fr                                ENST Paris
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


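The OpenBSD client steps in the message above can be checked mechanically. The following is an added example, not part of the original post: two shell functions (hypothetical names) that verify the shared-key file is owner-only and well-formed, and that a login class using `auth=radius` points at a server that has a key entry. File paths are passed as arguments; skipping blank lines is an assumption of this check.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Check the shared-key file: owner-only permissions, "<server> <shared key>" lines.
audit_radius_servers() {
    file=$1; rc=0
    [ -f "$file" ] || { echo "FAIL: $file is not a regular file"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file is accessible to group/other (the post uses chmod 400)"
        rc=1
    fi
    # Report malformed lines by number only, never echoing the key itself.
    # Assumption: blank lines are skipped by this check.
    awk 'NF && NF != 2 { printf "FAIL: line %d has %d field(s), expected 2\n", NR, NF; bad = 1 }
         END { exit bad + 0 }' "$file" || rc=1
    return $rc
}

# Confirm a login.conf class uses RADIUS and that its server has a key entry.
check_login_class() {
    conf=$1; class=$2; servers=$3
    # Collect the class record: its first line plus backslash-continued lines.
    record=$(awk -v c="$class" '
        index($0, c ":") == 1 { on = 1 }
        on { print; if ($0 !~ /\\$/) exit }' "$conf")
    case $record in
        *:auth=radius:*) ;;
        *) echo "FAIL: class $class does not set auth=radius"; return 1 ;;
    esac
    server=$(printf '%s\n' "$record" | sed -n 's/.*:radius-server=\([^:]*\):.*/\1/p')
    [ -n "$server" ] || { echo "FAIL: class $class has no radius-server"; return 1; }
    if awk -v s="$server" '$1 == s { found = 1 } END { exit !found }' "$servers"; then
        echo "OK: $class -> $server has an entry in $servers"
    else
        echo "FAIL: $server has no shared key in $servers"
        return 1
    fi
}
```

On the client this would be called as `audit_radius_servers /etc/raddb/servers` and `check_login_class /etc/login.conf <New_Login_Class> /etc/raddb/servers`, run as root so the mode-400 file is readable.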