I cant help on RH but Im preparing to try SUSE 9.0 PRO that includes FreeRadius soon. Have you heard anything about SUSE-PRO and Radius. Ernie
-----Original Message----- From: Zhisong Jin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 9:26 AM To: [EMAIL PROTECTED]; Alan DeKok Subject: Re: Freeradius on redhat ES 3.0 Thanks for all replied. my setup is as follows. 1. "test2" user exist in /etc/password and /etc/shadow 2. I could ssh [EMAIL PROTECTED] , and login OK. 3. Radius Authentication for user "test" using "LOCAL" is OK, however radius authetication for user "test2" using "System" failed, with an I've talked to redhat support, one support engineer told me He personally never able to get it work under redhat ES either. he suspect it might be something to do with PAM. so my questions remains: 1. anybody have luck using "Auth-Type := System" and got it work under redhat ES version 3.0 for Freeradius 0.9.3? 2. any suggestions for troubleshooting ? how PAM came into play during the radius authentication process? Thanks. =======================debug logs ============================= rad_recv: Access-Request packet from host xxx.yyy.zzz.129:32770, id=46, length=56 User-Name = "test" User-Password = "test123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1001 modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "eap" returns noop for request 1 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched test at 216 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [test] (from client private-network-1 port 1001) Sending Access-Accept of id 46 to xxx.yyy.zzz.129:32770 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 46 with timestamp 4096817f Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host <client.ip.addr.129:32770, id=51, length=57 User-Name = "test2" User-Password = "test123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1001 modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "eap" returns noop for request 2 rlm_realm: No '@' in User-Name = "test2", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched test2 at 217 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type System auth: type "System" modcall: entering group authenticate for request 2 rlm_unix: [test2]: invalid password modcall[authenticate]: module "unix" returns reject for request 2 modcall: group authenticate returns reject for request 2 auth: Failed to validate the user. Login incorrect: [test2/test123] (from client private-network-1 port 1001) Delaying request 2 for 1 seconds Finished request 2 ==========however the userID/password exists ============ client$ ssh [EMAIL PROTECTED] [EMAIL PROTECTED]'s password:<test123> < == same password as above [EMAIL PROTECTED] test2]$ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
