You could merge your /etc/passwd and /etc/shadow files
and place it in a secure location for your radius
server to achive the functionality you're looking
for. There's no need for a separate /etc/passwd and
/etc/shadow file.
At 12:03 PM 10/30/99 -0700, you wrote:
>
>The prob is w/ linux the users primary group is only listed in
>/etc/passwd, not shadow..
>
>On Sat, 30 Oct 1999, John Coy wrote:
>
>> Date: Sat, 30 Oct 1999 13:37:31 -0500
>> From: John Coy <[EMAIL PROTECTED]>
>> To: Jason Godsey <[EMAIL PROTECTED]>
>> Subject: Re: (RADIATOR) Different logfiles for different groups?
>>
>> I synchronize flat UNIX-style shadow, and group files
>> without any problem. I use an Identifier statement to point
>> to the UNIX password and group files.
>>
>> These are my entries in my radiusd.cfg file:
>>
>> #
>> # This AuthBy statement is used to allow the user's file
>> # to refer to a UNIX-style password file when authenticating
>> # users. --jcoy
>> #
>> <AuthBy UNIX>
>> Identifier UNIX
>> Filename /usr/local/etc/shadow
>> GroupFilename /usr/local/etc/group
>> </Authby>
>>
>> #
>> # This AuthBy statement defines the location of the user's
>> # file on the ANCI dial-up system. --jcoy
>> #
>> <AuthBy FILE>
>> Identifier AuthANCIUsers
>> Filename %D/users
>> </AuthBy>
>>
>> #
>> # This realm handles every other user on the ANCI network. --jcoy
>> #
>> <Realm DEFAULT>
>> RewriteUsername tr/A-Z/a-z/
>> AuthByPolicy ContinueAlways
>>
>> AuthBy AuthANCIUsers
>> </Realm>
>>
>> Then, in my 'users' file, I have:
>>
>> #
>> # Default clause for handling everyone not handled explicitly above
>> #
>> DEFAULT Auth-Type = UNIX
>> Ascend-Idle-Limit = 900,
>> Ascend-Assign-IP-Pool = 0,
>> User-Service = Framed-User,
>> Framed-Protocol = PPP,
>> Ascend-Maximum-Channels = 1,
>> Ascend-Maximum-Call-Duration = 480,
>> Ascend-Client-Primary-DNS = 208.133.27.10,
>> Ascend-Client-Secondary-DNS = 208.145.38.10,
>> Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>> Ascend-Shared-Profile-Enable = 0
>>
>> Hope that helps.
>>
>> John
>>
>> At 08:35 AM 10/30/99 -0700, you wrote:
>> >
>> >I will give it a try, however I'm fairly sure we have tried. In my case
>> >there is a bit of a problem, I am generating/maintaining the password
>> >files on our mail server. There are 2 seperate radius servers who I rsync
>> >the files over ssh to every change. The radius server also act as backup
>> >MX servers for us so I didn't want any local accounts on the machines. In
>> >my case I'm actually pointing to /usr/local/etc/shadow,passwd,group.
>> >
>> >Will auth by system work in this way? This is why I said I just whiped up
>> >a little perl program to make the user:pass:uid:gid file in the mix. On
>> >the mail server I use PAM which matches primary and secondary just fine.
>> >
>> >Jason
>> >
>> >On Sat, 30 Oct 1999, Hugh Irvine wrote:
>> >
>> >> Date: Sat, 30 Oct 1999 10:00:35 +1000
>> >> From: Hugh Irvine <[EMAIL PROTECTED]>
>> >> To: Jason Godsey <[EMAIL PROTECTED]>
>> >> Cc: [EMAIL PROTECTED]
>> >> Subject: Re: (RADIATOR) Different logfiles for different groups?
>> >>
>> >>
>> >> Hello Jason -
>> >>
>> >> On Sat, 30 Oct 1999, Jason Godsey wrote:
>> >> > I'm having a problem getting the users primary group, I'm running
>radiator
>> >> > on linux and have the passwordfile pointed to /etc/shadow, it is
able to
>> >> > check the crypted password just fine, however linux's shadow file
>does not
>> >> > contain the users primary group (however the freebsd box's
master.passwd
>> >> > does). Is there an easier fix that my current solution?
>> >> >
>> >>
>> >> Perhaps try AuthBy SYSTEM rather than AuthBy UNIX.
>> >>
>> >> Please let me know how it works.
>> >>
>> >> cheers
>> >>
>> >> Hugh
>> >>
>> >> --
>> >> Radiator: the most portable, flexible and configurable RADIUS server
>> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> >> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>> >> NT, Rhapsody
>> >>
>> >> ===
>> >> Archive at http://www.thesite.com.au/~radiator/
>> >> To unsubscribe, email '[EMAIL PROTECTED]' with
>> >> 'unsubscribe radiator' in the body of the message.
>> >>
>> >
>> >
>> >===
>> >Archive at http://www.thesite.com.au/~radiator/
>> >To unsubscribe, email '[EMAIL PROTECTED]' with
>> >'unsubscribe radiator' in the body of the message.
>>
>>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
