I am running FreeRadius 0.7.1 on FreeBSD 4.6 below is a sample of my user
file
<userid> Auth-Type += System, Service-Type == Login
(I hope this helps)
This tells radius to use /etc/master.passwd for authentication and it works
on my. I do have a problem though. After login, I don't have any privilege
commands (I can't even read the running config on Extreme switches - but I
can on Cisco and Foundry) So my problem is only with Extreme.
I used the Service-Type = Administrative (as specified in rfc2865) but
freeradius complains <Unknown value Administrative for attribute
Service-Type>
Can anyone please tells me if FreeRadius support rfc2865 attributes.
Thanks in advance,
Many thanks for your help with accounting issue I'll have another go at it
next week. Victor says it works on his system so it is possible.
Mathias,
-----Original Message-----
From: Monah Baki [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 21:16
To: [EMAIL PROTECTED]
Subject: Re: Help with FreeBSD4.6
Any comments are most welcome, I'm still learning :)
I have Freeradius running on FreeBSD 4.6.2, and Openbsd as a client
(Still in a test environment)
vi /usr/local/radius/etc/raddb/users
add the following:
<userid1> Auth-Type := Local, User-Password == "<password>"
vi /usr/local/radius/etc/raddb/clients.conf
client <client IP> { <<< My OpenBSD IP address
secret = <Shared key> <<< must match the <shared key>
in /etc/raddb/servers
shortname = <name_of_server>
}
On the Openbsd server:
vi /etc/login.conf
add the following:
<New_Login_Class>:\
:requirehome@:\
:auth=radius:\
:radius-server=<IP address of radius-server>:\
:radius-timeout=1:\
:radius-retries=5:
add the following as root
useradd -m -d /home/<userid1> -c "test radius user" -s /bin/ksh -u
10000 -L <New_Login_Class> <userid>
mkdir -m 755 /etc/raddb
echo "<ip radius server> <shared key>" > /etc/raddb/servers
chmod 400 /etc/raddb/servers
On Wednesday, September 18, 2002, at 03:47 AM, Gian-Carlo Baldarelli
wrote:
> I need only system authentication and as I red in the conf
>
> - I comment out in radius.conf
>
> # for some systems, like FreeBSD.
> #
> #passwd = /etc/passwd
> # shadow = /etc/shadow
> group = /etc/group
>
> - Radius is running under nobody:nobody
>
> output:
> ...
> rad_check_password: Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [remadmin]: invalid password
> modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
>
> ..
>
> Where is the problem ?
> The password is correct, the user can log on locally
> Has this user to be part of a particular group ?
> Where I do configure the group that has the authorizations ???
>
>
> -----Messaggio originale-----
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]Per conto di Artur
> Hecker
> Inviato: martedì 17 settembre 2002 15.55
> A: [EMAIL PROTECTED]
> Oggetto: Re: R: R: radius.conf
>
>
> hi
>
>> Here is my user in /etc/passwd
>>
>> demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet
>>
>> until know the user config file, is the user.sample with no change
>
> can you login locally with the password you used? does radius read both
> /etc/passwd AND /etc/shadow? i can't see it in the log since you
> truncated it.
>
>
>> rlm_unix: [demo]: invalid password
>> modcall[authenticate]: module "unix" returns reject
>> modcall: group authenticate returns reject
>> auth: Failed to validate the user.
>
>
> ciao
> artur
>
>
> --
> Artur Hecker Groupe Accès et Mobilité
> hecker[at]enst[dot]fr Département Informatique et Réseaux
> +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.fr ENST Paris
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
DISCLAIMER
This e-mail is intended only for the use of the addressees named above and
may be confidential. If you are not an addressee you must not read it and
must not use any information contained in nor copy it nor inform any person
other than TeleCity Limited or the addressees of its existence or contents.
If you have received this email and are not a named addressee, please delete
it and notify the TeleCity IT department on 0161 226 7643 or by email at
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
