Dennis Skinner wrote: > Norman Zhang wrote: >> How do I setup users tester-a to use /etc/shadow for authentication? >> >> Currently I have >> >> tester-a Auth-Type := Local, User-Password == "superuser" >> cisco-avpair = "shell:priv-lvl=15", >> Service-Type = Administrative-User > > I would start by reading radiusd.conf. Look for every instance of the > word "shadow" and read those comments. Then setup the unix module properly. > > Make sure the user/group that radiusd runs as can read /etc/shadow.
Thanks. Changed /etc/shadow to 444 for now. Also unix { password = /etc/password group = /etc/group shadow = /etc/shadow } are uncommented in radiusd.conf > Make sure you are *only* using PAP. CHAP encrypts the password over the > wire and you cannot compare crypt to crypt. One of them needs to be > cleartext (this is a limitation of encryption, not FreeRADIUS). See the > table here: > > http://deployingradius.com/documents/protocols/compatibility.html > > (you are using Unix Crypt). pap { encryption_scheme = crypt } chap { authtype = CHAP } still fails. I guess I need to configure users. Will run radiusd -X to debug. Norman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html