I am trying to use mschap and the following is logged suggesting that ldap authorize succeeds but unix authorize fails but the passwords are the same (aside from the fact that samba hashes the password). I can ssh into the radius server with the user name and password...
# getent passwd|grep craigwhite
craigwhite:x:1013:1000:Craig White:/home/users/craigwhite:/bin/sh

# radtest craigwhite MY_PASSWORD MY_RADIUS_SERVER 0 whatever

and on the radius server running 'radiusd -X -f'

Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.100.7:60829, id=45, length=62
        User-Name = "craigwhite"
        User-Password = "MY_PASSWORD"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "craigwhite", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for craigwhite
radius_xlat:  '(uid=craigwhite)'
radius_xlat:  'ou=People,ou=Accounts,o=MY_ORG,c=US'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as cn=admin,o=Mullen,c=US/riod to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=People,ou=Accounts,o=MY_ORG,c=US, with filter (uid=craigwhite)
rlm_ldap: checking if remote access for craigwhite is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaAcctFlags as SMB-Account-CTRL-TEXT, value [UX ] & op=21
rlm_ldap: Adding sambaNTPassword as NT-Password, value HASHED_PASSWORD & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value HASHED_PASSWORD & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user craigwhite authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: [craigwhite]: invalid password
  modcall[authenticate]: module "unix" returns reject for request 0
modcall: leaving group authenticate (returns reject) for request 0
auth: Failed to validate the user.

Obviously this is something to do with the 'users' file configuration, which is still at its default, and apparently this is the problem here...

DEFAULT Auth-Type = System
        Fall-Through = 1

What nugget am I missing?

Craig