On 15 August 2012, at 14:23, Fajar A. Nugraha wrote:
> On Thu, Aug 16, 2012 at 3:40 AM, Robert Haskins
> <[email protected]> wrote:
>> I get a reject, even though the
>> crypt'd passwords match!
>
> That's not how crypt works. You don't compare the crypted password.
>
>
>> [pap] login attempt with password "krt444"
>
> that is what the user sends
>
>> [pap] Using CRYPT password "*3u.3LS/VKTOVc"
>
> that is what FR reads from whatever backend which stores user
> information (in your case, should be the unix module)
>
>> The crypt'd password ("*3u.3LS/VKTOVc") is exactly what is in the
>> /etc/shadow file.
>
> because that's where FR reads it from, of course it's the same.
>
>> So I am confident the shared secret is correct.
>
> Shared secret has nothing to do with your problem.
>
>> What am I doing wrong?
>
> Simple. Is "krt444" the correct password? FR says it's not.
>
I don't know for sure about your system, but most Unix based systems will not
generate a * in the encrypted password. Normally that is used to indicate a
locked or disabled account. From the FreeBSD man pages:
A password of `*' indicates that password authentication is disabled for
that account (logins through other forms of authentication, e.g., using
ssh(1) keys, will still work). The field only contains encrypted pass-
words, and `*' can never be the result of encrypting a password.
You might want to try reentering that password or check your man pages.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
