Martin Richard wrote:
> When starting radiusd -X (yes, I've looked at the output) and testing
> these 2 most simple accounts with radtest, the first one fails while the
> second one works. The difference being that there's a "mrichard" account
> on the box in /etc/passwd while "mrichard2" only exists in radiusd's
> config. Hence the output differences when calling "radtest thelogin
> qwerty localhost 666 testing123" (cut) :

As the debug log shows, it's using the Unix password for the user, rather than the password from the "users" file.

> After a bit of searching I found a reference in the ML archives to
> $confdir/sites-enabled/default and saw "unix" in there with the
> description saying it caches the hashes from /etc/passwd and its
> accompanying shadow.

Not exactly. It looks up the user in /etc/passwd, and if found, adds the password as the "known good" password.

> I've commented those lines and restarted the
> daemon. Now I get this in the PAP output for both users:
>
> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.

Does the "files" module say that they were found in the "users" file?

> I must be missing something rather obvious.. But how can I totally
> disable the lookup of OS accounts ?

Delete "unix" from raddb/sites-enabled/default, section "authorize"

Alan DeKok.
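An audit for the situation discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: it reports which "users" file entries also exist in /etc/passwd while "unix" is still called in the "authorize" section. The parser is simplified, and the sample configuration, "users" entries and passwd lines are constructed for illustration.

```python
import re

def authorize_modules(site_conf: str) -> list[str]:
    """Return the bare module names called inside the authorize { } section."""
    modules, depth = [], 0
    for raw in site_conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # commented-out modules are ignored
        if not line:
            continue
        if depth == 0:
            if re.fullmatch(r"authorize\s*\{", line):
                depth = 1
            continue
        if line.endswith("{"):
            depth += 1                           # nested block inside authorize
        elif line == "}":
            depth -= 1
            if depth == 0:
                break                            # end of the authorize section
        elif re.fullmatch(r"[\w.-]+", line):
            modules.append(line)
    return modules

def users_file_names(users: str) -> set[str]:
    """Entry names from a 'users' file: the first token of each unindented line."""
    names = set()
    for line in users.splitlines():
        if not line or line[0].isspace() or line.startswith("#"):
            continue                             # blank, reply-item or comment line
        name = line.split()[0].strip('"')
        if not name.startswith("DEFAULT"):
            names.add(name)
    return names

def shadowed_by_unix(site_conf: str, users: str, passwd: str) -> list[str]:
    """Accounts whose 'users' entry competes with an /etc/passwd entry."""
    if "unix" not in authorize_modules(site_conf):
        return []                                # OS account lookup is disabled
    system = {l.split(":", 1)[0] for l in passwd.splitlines() if l.strip()}
    return sorted(users_file_names(users) & system)

# Constructed sample inputs (not taken from the thread's real files).
SITE_UNIX = "authorize {\n\tpreprocess\n\tunix\n\tfiles\n\tpap\n}\n"
SITE_NO_UNIX = "authorize {\n\tpreprocess\n#\tunix\n\tfiles\n\tpap\n}\n"
USERS = ('mrichard Cleartext-Password := "qwerty"\n'
         'mrichard2 Cleartext-Password := "qwerty"\n')
PASSWD = ("root:x:0:0:root:/root:/bin/sh\n"
          "mrichard:x:1000:1000::/home/mrichard:/bin/sh\n")

if __name__ == "__main__":
    print("unix enabled: ", shadowed_by_unix(SITE_UNIX, USERS, PASSWD))
    print("unix disabled:", shadowed_by_unix(SITE_NO_UNIX, USERS, PASSWD))
```
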

