I am running FreeRadius 0.7.1 on FreeBSD 4.6 below is a sample of my user
file
userid Auth-Type += System, Service-Type == Login
(I hope this helps)
This tells radius to use /etc/master.passwd for authentication and it works
on my. I do have a problem though. After login, I don't have any privilege
commands (I can't even read the running config on Extreme switches - but I
can on Cisco and Foundry) So my problem is only with Extreme.
I used the Service-Type = Administrative (as specified in rfc2865) but
freeradius complains Unknown value Administrative for attribute
Service-Type
Can anyone please tells me if FreeRadius support rfc2865 attributes.
Thanks in advance,
Many thanks for your help with accounting issue I'll have another go at it
next week. Victor says it works on his system so it is possible.
Mathias,
-Original Message-
From: Monah Baki [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 21:16
To: [EMAIL PROTECTED]
Subject: Re: Help with FreeBSD4.6
Any comments are most welcome, I'm still learning :)
I have Freeradius running on FreeBSD 4.6.2, and Openbsd as a client
(Still in a test environment)
vi /usr/local/radius/etc/raddb/users
add the following:
userid1 Auth-Type := Local, User-Password == password
vi /usr/local/radius/etc/raddb/clients.conf
client client IP { My OpenBSD IP address
secret = Shared key must match the shared key
in /etc/raddb/servers
shortname = name_of_server
}
On the Openbsd server:
vi /etc/login.conf
add the following:
New_Login_Class:\
:requirehome@:\
:auth=radius:\
:radius-server=IP address of radius-server:\
:radius-timeout=1:\
:radius-retries=5:
add the following as root
useradd -m -d /home/userid1 -c test radius user -s /bin/ksh -u
1 -L New_Login_Class userid
mkdir -m 755 /etc/raddb
echo ip radius server shared key /etc/raddb/servers
chmod 400 /etc/raddb/servers
On Wednesday, September 18, 2002, at 03:47 AM, Gian-Carlo Baldarelli
wrote:
I need only system authentication and as I red in the conf
- I comment out in radius.conf
# for some systems, like FreeBSD.
#
#passwd = /etc/passwd
# shadow = /etc/shadow
group = /etc/group
- Radius is running under nobody:nobody
output:
...
rad_check_password: Found Auth-Type System
auth: type System
modcall: entering group authenticate
rlm_unix: [remadmin]: invalid password
modcall[authenticate]: module unix returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
..
Where is the problem ?
The password is correct, the user can log on locally
Has this user to be part of a particular group ?
Where I do configure the group that has the authorizations ???
-Messaggio originale-
Da: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Per conto di Artur
Hecker
Inviato: martedì 17 settembre 2002 15.55
A: [EMAIL PROTECTED]
Oggetto: Re: R: R: radius.conf
hi
Here is my user in /etc/passwd
demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet
until know the user config file, is the user.sample with no change
can you login locally with the password you used? does radius read both
/etc/passwd AND /etc/shadow? i can't see it in the log since you
truncated it.
rlm_unix: [demo]: invalid password
modcall[authenticate]: module unix returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
ciao
artur
--
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr Département Informatique et Réseaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.frENST Paris
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
DISCLAIMER
This e-mail is intended only for the use of the addressees named above and
may be confidential. If you are not an addressee you must not read it and
must not use any information contained in nor copy it nor inform any person
other than TeleCity Limited or the addressees of its existence or contents.
If you have received this email and are not a named addressee, please delete
it and notify the TeleCity IT department on 0161 226 7643 or by email at
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html