Thanks to all who replied. My setup is as follows.
1. "test2" user exists in /etc/password and /etc/shadow
2. I could ssh [EMAIL PROTECTED], and login is OK.
3. Radius authentication for user "test" using "LOCAL" is OK;
however, radius authentication for user "test2" using "System" failed,
with an
I've talked to Red Hat support; one support engineer told me he
personally was never able to get it to work under Red Hat ES either.
He suspects it might be something to do with PAM.
So my questions remain:
1. Has anybody had luck using "Auth-Type := System" and got it to work
under Red Hat ES version 3.0 for FreeRADIUS 0.9.3?
2. Any suggestions for troubleshooting? How does PAM come into play
during the radius authentication process?
Thanks.
=======================debug logs =============================
rad_recv: Access-Request packet from host xxx.yyy.zzz.129:32770, id=46, length=56
User-Name = "test"
User-Password = "test123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1001
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "eap" returns noop for request 1
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched test at 216
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [test] (from client private-network-1 port 1001)
Sending Access-Accept of id 46 to xxx.yyy.zzz.129:32770
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 46 with timestamp 4096817f
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host <client.ip.addr.129:32770, id=51, length=57
User-Name = "test2"
User-Password = "test123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1001
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "eap" returns noop for request 2
rlm_realm: No '@' in User-Name = "test2", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched test2 at 217
modcall[authorize]: module "files" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate for request 2
rlm_unix: [test2]: invalid password
modcall[authenticate]: module "unix" returns reject for request 2
modcall: group authenticate returns reject for request 2
auth: Failed to validate the user.
Login incorrect: [test2/test123] (from client private-network-1 port 1001)
Delaying request 2 for 1 seconds
Finished request 2
==========however the userID/password exists ============
client$ ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:<test123> < == same password as above
[EMAIL PROTECTED] test2]$
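
Added example, not part of the original post and not FreeRADIUS code: a small Python summarizer for debug output like the log above, reporting for each request the Auth-Type chosen and which module rejected it. The sample lines are constructed (abbreviated, with a documentation IP address), and pairing the module name `unix` with `rlm_unix` messages is an assumption taken from this log.

```python
import re

# Constructed sample, abbreviated from the style of the debug output in the post.
SAMPLE = '''\
rad_recv: Access-Request packet from host 192.0.2.129:32770, id=46, length=56
User-Name = "test"
rad_check_password: Found Auth-Type Local
Login OK: [test] (from client private-network-1 port 1001)
rad_recv: Access-Request packet from host 192.0.2.129:32770, id=51, length=57
User-Name = "test2"
rlm_realm: No such realm "NULL"
rad_check_password: Found Auth-Type System
rlm_unix: [test2]: invalid password
modcall[authenticate]: module "unix" returns reject for request 2
Login incorrect: [test2/test123] (from client private-network-1 port 1001)
'''

def summarize(log):
    """Return one dict per Access-Request: user, Auth-Type, outcome, rejecting module."""
    reqs, cur, notes = [], None, []
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("rad_recv: Access-Request"):
            cur = dict(user=None, auth_type=None, result=None,
                       rejected_by=None, detail=None)
            reqs.append(cur)
            notes = []  # rlm_* messages seen so far for this request
        elif cur is None:
            continue  # preamble before the first request
        elif m := re.match(r'User-Name = "([^"]*)"', line):
            cur["user"] = m.group(1)
        elif m := re.match(r'rad_check_password:\s+Found Auth-Type (\S+)', line):
            cur["auth_type"] = m.group(1)
        elif m := re.match(r'(rlm_\w+): (.*)', line):
            notes.append((m.group(1), m.group(2)))
        elif m := re.match(r'modcall\[(\w+)\]: module "([^"]+)" returns reject', line):
            cur["rejected_by"] = f"{m.group(1)}/{m.group(2)}"
            # Assumption: module "unix" logs as rlm_unix; attach its last message.
            want = "rlm_" + m.group(2)
            cur["detail"] = next((t for n, t in reversed(notes) if n == want), None)
        elif line.startswith("Login OK"):
            cur["result"] = "accept"
        elif line.startswith("Login incorrect"):
            cur["result"] = "reject"  # the logged user/password pair is not kept
    return reqs

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r)
```

The summary drops the cleartext password that the debug log prints in `User-Password` and `Login incorrect` lines, so it can be shared in place of the raw log.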