OK, I think I've got it sussed. Radiusd was running as radiusd user and didn't have access to /etc/shadow and /etc/passwd - at least I figured it out...
Take care all.

Ta
matthew

-----Original Message-----
From: Matthew Western, IT Support, Lonsdale
Sent: Thursday, 5 August 2004 5:02 PM
To: [EMAIL PROTECTED]
Subject: Complete novice starting out.

Hi All,

My long term plan is to get a Cisco 1721 to authenticate against freeRadius -> just the unix passwords '/etc/passwd' for VPN.

I've spent the day reading various how-tos and am making progress and learning new terms but I can't get a basic test working even from the command line unless I change the Default Auth-Type to Accept in the users file:

# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
#DEFAULT Auth-Type = Accept
DEFAULT Auth-Type = System
        Fall-Through = 1

So I've just started from scratch, uninstalled freeRADIUS completely and reinstalled so as to get back to all the default conf files.

From the command line I type:

/usr/sbin/radiusd -X -A

To get the server running in debug mode. Then in another session:

[EMAIL PROTECTED] raddb]# radtest root "123456" 127.0.0.1 1 testing123
Sending Access-Request of id 151 to 127.0.0.1:1812
        User-Name = "root"
        User-Password = "123456"
        NAS-IP-Address = testmachine.sola.com.au
        NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=151, length=20

The debug output of the server:
------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=183, length=56
        User-Name = "root"
        User-Password = "123456"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "root", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate for request 0
rlm_unix: [root]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 183 to 127.0.0.1:32769
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 183 with timestamp 4111f018
Nothing to do. Sleeping until we see a request.
---------------------------------------------------------

It's driving me bananas. If I change the default from System to Accept it works fine....

Can anybody even point to a basic HOWTO to get me started???

My resources that I'm using to try and get it going are:

Getting Started with FreeRADIUS http://www.onlamp.com/lpt/a/3044
The FreeRADIUS FAQ from http://www.freeradius.org/faq/
And the doc files included with v 0.9.3 which aren't real specific.

Thanks in anticipation.

Regards
Matthew

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
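
An added example, not part of the original messages or of FreeRADIUS: a small triage script for debug output in the format quoted above. It names the module that rejected the request and, when that module is "unix" under Auth-Type System, checks whether the user running the script can read the shadow file, which was the cause reported in this thread. The function names trace and diagnose are hypothetical, and the sample lines are constructed in the style of the quoted log.

```python
import os
import re

# Constructed sample in the format of the radiusd -X output quoted above.
SAMPLE_DEBUG = """\
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "files" returns ok for request 0
rad_check_password: Found Auth-Type System
modcall: entering group authenticate for request 0
rlm_unix: [root]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
auth: Failed to validate the user.
"""

MODCALL = re.compile(r'modcall\[(\w+)\]:\s+module "([^"]+)" returns (\w+) for request (\d+)')
AUTH_TYPE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')

def trace(debug_text):
    """Return (auth_type, [(section, module, result, request_id), ...])."""
    auth_type, calls = None, []
    for line in debug_text.splitlines():
        m = AUTH_TYPE.search(line)
        if m:
            auth_type = m.group(1)
        m = MODCALL.search(line)
        if m:
            calls.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return auth_type, calls

def diagnose(debug_text, shadow_path="/etc/shadow"):
    """Name the first rejecting module; for unix/System also test file access."""
    auth_type, calls = trace(debug_text)
    rejects = [c for c in calls if c[2] == "reject"]
    if not rejects:
        return "no module rejected the request"
    section, module, _, req = rejects[0]
    msg = f'request {req}: "{module}" rejected in {section} (Auth-Type {auth_type})'
    if module == "unix" and auth_type == "System":
        # os.access tests the real uid, so run this as the daemon's user.
        readable = os.access(shadow_path, os.R_OK)
        msg += f"; {shadow_path} readable by uid {os.getuid()}: {readable}"
    return msg

if __name__ == "__main__":
    print(diagnose(SAMPLE_DEBUG))
```

Run it as the account the daemon runs under (radiusd in the message above) so the access check reflects what the server itself can read.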