I am running FreeRadius 0.7.1 on FreeBSD 4.6 below is a sample of my user file
<userid> Auth-Type += System, Service-Type == Login (I hope this helps) This tells radius to use /etc/master.passwd for authentication and it works on my. I do have a problem though. After login, I don't have any privilege commands (I can't even read the running config on Extreme switches - but I can on Cisco and Foundry) So my problem is only with Extreme. I used the Service-Type = Administrative (as specified in rfc2865) but freeradius complains <Unknown value Administrative for attribute Service-Type> Can anyone please tells me if FreeRadius support rfc2865 attributes. Thanks in advance, Many thanks for your help with accounting issue I'll have another go at it next week. Victor says it works on his system so it is possible. Mathias, -----Original Message----- From: Monah Baki [mailto:[EMAIL PROTECTED]] Sent: 18 September 2002 21:16 To: [EMAIL PROTECTED] Subject: Re: Help with FreeBSD4.6 Any comments are most welcome, I'm still learning :) I have Freeradius running on FreeBSD 4.6.2, and Openbsd as a client (Still in a test environment) vi /usr/local/radius/etc/raddb/users add the following: <userid1> Auth-Type := Local, User-Password == "<password>" vi /usr/local/radius/etc/raddb/clients.conf client <client IP> { <<< My OpenBSD IP address secret = <Shared key> <<< must match the <shared key> in /etc/raddb/servers shortname = <name_of_server> } On the Openbsd server: vi /etc/login.conf add the following: <New_Login_Class>:\ :requirehome@:\ :auth=radius:\ :radius-server=<IP address of radius-server>:\ :radius-timeout=1:\ :radius-retries=5: add the following as root useradd -m -d /home/<userid1> -c "test radius user" -s /bin/ksh -u 10000 -L <New_Login_Class> <userid> mkdir -m 755 /etc/raddb echo "<ip radius server> <shared key>" > /etc/raddb/servers chmod 400 /etc/raddb/servers On Wednesday, September 18, 2002, at 03:47 AM, Gian-Carlo Baldarelli wrote: > I need only system authentication and as I red in the conf > > - I comment out in radius.conf > > # for some systems, like FreeBSD. > # > #passwd = /etc/passwd > # shadow = /etc/shadow > group = /etc/group > > - Radius is running under nobody:nobody > > output: > ... > rad_check_password: Found Auth-Type System > auth: type "System" > modcall: entering group authenticate > rlm_unix: [remadmin]: invalid password > modcall[authenticate]: module "unix" returns reject > modcall: group authenticate returns reject > auth: Failed to validate the user. > > .. > > Where is the problem ? > The password is correct, the user can log on locally > Has this user to be part of a particular group ? > Where I do configure the group that has the authorizations ??? > > > -----Messaggio originale----- > Da: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]Per conto di Artur > Hecker > Inviato: martedì 17 settembre 2002 15.55 > A: [EMAIL PROTECTED] > Oggetto: Re: R: R: radius.conf > > > hi > >> Here is my user in /etc/passwd >> >> demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet >> >> until know the user config file, is the user.sample with no change > > can you login locally with the password you used? does radius read both > /etc/passwd AND /etc/shadow? i can't see it in the log since you > truncated it. > > >> rlm_unix: [demo]: invalid password >> modcall[authenticate]: module "unix" returns reject >> modcall: group authenticate returns reject >> auth: Failed to validate the user. > > > ciao > artur > > > -- > Artur Hecker Groupe Accès et Mobilité > hecker[at]enst[dot]fr Département Informatique et Réseaux > +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 > http://www.infres.enst.fr ENST Paris > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html DISCLAIMER This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than TeleCity Limited or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the TeleCity IT department on 0161 226 7643 or by email at [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html