Re: system authentication problem on freebsd

Mon, 18 Nov 2002 02:20:21 -0800 

PS: I traced the daemon while authentication processing.
    It doesn't open the spwd.db file which contains the
    password. Here are all open() syscalls it did:

open("/etc/pwd.db",0x0,00)                       = 7 (0x7)
open("//var/log/radius/radius.log",0x209,0666)   = 7 (0x7)
open("/etc/shells",0x0,00)                       = 7 (0x7)
open("//var/log/radius/radius.log",0x209,0666)   = 7 (0x7)
open("//var/log/radius/radius.log",0x209,0666)   = 7 (0x7)
open("//var/log/radius/radius.log",0x209,0666)   = 7 (0x7)

Tom

On Mon, Nov 18, 2002 at 11:07:15AM +0100, Thomas Linden wrote:
> Hi,
> 
> I have installed the freeradius demon on freebsd. It works
> as long as I use cleartext passwords in the radius users
> file.
> 
> If I use Auth-Type=System with users in /etc/(s)pwd.db then
> it does not work. I commented out /etc/passwd and /etc/shadow
> in radius.conf, so it uses the libc functions, which freebsd
> provides.
> 
> The problem is, that it doesn't seem to verify the password
> correctly. After looking around a while I found out, that
> freeradius doesn't support md5-hashed passwords (btw - why?),
> therefore I changed it in /etc/auth.conf to use DES, which
> is used by crypt().
> 
> But still - it doesn't work. Once again I digged through the
> source.
> In the file src/modules/rlm_unix/rlm_unix.c I found in the
> "#else" block after "#ifdef OSFC2" block there is the
> following line, which requests the password using the systems
> routines (line 505):
> 
>   encrypted_pass = pwd->pw_passwd;
> 
> I added the following line after it:
> 
>   radlog(L_AUTH, "rlm_unix: got: %s", encrypted_pass);
> 
> ,re-compiled and run it. After trying to login I saw the
> following output (using -X):
> 
> ..
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: got: *
> rlm_unix: [tom2]: invalid password
> ..
> 
> I really don't know, what's wrong here, the password is there:
> 
> (cat from master.passwd:)
> tom2:Sk.MffUl2mnm2:1003:1003::0:0:User &:/home/tom2:/bin/sh
> 
> it's also in the spwd.db.
> 
> 
> Any help is very welcome.
> 
> 
> Thanks in advance,
> 
> Tom
> 
> 
> -- 
> Thomas Linden <[EMAIL PROTECTED]>,  I Z B  Informatik-Zentrum
> Muenchen-Frankfurt a.M. GmbH & Co.KG, Internet Service Providing
> OE532 Tel:089/2171-27998, Fax:089/2171-27995,  http://www.izb.de
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Thomas Linden <[EMAIL PROTECTED]>,  I Z B  Informatik-Zentrum
Muenchen-Frankfurt a.M. GmbH & Co.KG, Internet Service Providing
OE532 Tel:089/2171-27998, Fax:089/2171-27995,  http://www.izb.de

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to