Re: Cache /etc/passwd, /etc/shadow, and /etc/group
Kevin,

Thanks, this works well.

Thanks again,

Ken Rea

On Thu, 10 Oct 2002, Kevin Bonner wrote:

> In the unix section of radiusd.conf, try the following:
>
> cache = yes
> password = /path/to/passwd
> shadow = /path/to/passwd
>
> If your passwd file contains encrypted passwords (i.e. no shadow file), then
> using the above should allow you to cache the data. We are currently using
> this method to allow different realms to have their own passwd files, and
> just assigning different Auth-Type's depending on the realm. We'll be moving
> to SQL auth shortly, but for the time being, this is working quite well for
> us.
>
> Kevin

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
On Thursday 10 October 2002 13:27, User for Free Radius mail list wrote:

> On Thu, 10 Oct 2002, 3APA3A wrote:
> > passwd file doesn't contain any passwords or hashes, so it's useless
> > without shadow.
>
> If you do not use shadow passwords it does keep encrypted passwords in the
> passwd file. Check your man pages "man 5 passwd" and you will see the
> second field "Optional encrypted password". This is the way it was long
> before shadow passwords came about. The reason we do not use shadow
> passwords on this server is beyond the scope of this email.
>
> It would be nice to be able to cache this data for quick lookup.
>
> Thanks,
>
> Ken Rea

In the unix section of radiusd.conf, try the following:

cache = yes
password = /path/to/passwd
shadow = /path/to/passwd

If your passwd file contains encrypted passwords (i.e. no shadow file), then using the above should allow you to cache the data. We are currently using this method to allow different realms to have their own passwd files, and just assigning different Auth-Type's depending on the realm. We'll be moving to SQL auth shortly, but for the time being, this is working quite well for us.

Kevin
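An added example, not part of the original post and not FreeRADIUS code: before pointing the shadow setting at a passwd-format file as described in the message above, this checks that field 2 of the file really holds hashes rather than the `x` placeholder of a shadowed system, and that a hash-bearing file is not world-readable. The function names and the sample entries are constructed for illustration.

```python
import os
import stat

# Constructed sample entries (the hash strings are made up, not real crypt output).
NO_SHADOW = [
    "root:ab01FAX.bQRSU:0:0:root:/root:/bin/sh",
    "daemon:*:1:1:daemon:/usr/sbin:/bin/false",
    "alice:$1$saltsalt$0123456789abcdefghijkl:1000:1000::/home/alice:/bin/sh",
    "guest::1001:1001::/home/guest:/bin/sh",
]
SHADOWED = [
    "root:x:0:0:root:/root:/bin/sh",
    "alice:x:1000:1000::/home/alice:/bin/sh",
]

def classify_field(pw):
    """Classify field 2 of a passwd(5) line."""
    if pw == "":
        return "empty"       # per passwd(5): no password is required
    if pw == "x":
        return "shadowed"    # the real hash is kept in the shadow file
    if pw[0] in "*!":
        return "locked"      # no valid hash can match this value
    return "hash"

def audit_passwd(lines):
    """Group user names by what their password field holds."""
    report = {k: [] for k in ("hash", "shadowed", "locked", "empty", "malformed")}
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[0]:
            report["malformed"].append(line)
            continue
        report[classify_field(fields[1])].append(fields[0])
    return report

def carries_hashes(report):
    """True when the file on its own can serve as the password source."""
    return bool(report["hash"]) and not report["shadowed"]

def is_world_readable(path):
    """A passwd-format file that holds hashes should not be readable by 'other'."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)
```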
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
On Thu, 10 Oct 2002, 3APA3A wrote:

>
> passwd file doesn't contain any passwords or hashes, so it's useless
> without shadow.

If you do not use shadow passwords it does keep encrypted passwords in the passwd file. Check your man pages "man 5 passwd" and you will see the second field "Optional encrypted password". This is the way it was long before shadow passwords came about. The reason we do not use shadow passwords on this server is beyond the scope of this email.

It would be nice to be able to cache this data for quick lookup.

Thanks,

Ken Rea
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
User for Free Radius mail list <[EMAIL PROTECTED]> wrote:

> In the radiusd.conf file:
> The "Cache" setup does not work if you do not use shadow passwords. If the
> "shadow" line is left at the default value: (ie commented out)

Yes... your system has shadow passwords, so if you want to cache them, you've got to read the shadow password file. Where, exactly, did you expect the cached passwords to be read from? Not all systems have fgetpwent()...

> If you say "no" to the "cache" option:
..
> It loads up just fine.

Of course. Because it doesn't cache the passwords, it can use getpwent() to get the password, which is a system call which knows where the password files are located.

> Is there something I'm missing or is this the default behavior of this
> setup?

Some knowledge of how Unix systems are set up should help.

Alan DeKok.
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
Dear User for Free Radius mail list,

passwd file doesn't contain any passwords or hashes, so it's useless without shadow. If you store your passwords in a plain text file format different from Linux passwd/shadow files, consider using the rlm_passwd module. See doc/rlm_passwd.

--Thursday, October 10, 2002, 5:11:15 AM, you wrote to [EMAIL PROTECTED]:

UfFRml> System = Linux with kernel 2.4.18

UfFRml> In the radiusd.conf file:
UfFRml> The "Cache" setup does not work if you do not use shadow passwords. If the
UfFRml> "shadow" line is left at the default value: (ie commented out)

UfFRml> To force the module to use the system password functions,
UfFRml> # instead of reading the files, comment out the 'passwd'
UfFRml> # and 'shadow' configuration entries. This is required
UfFRml> # for some systems, like FreeBSD.
UfFRml> #
UfFRml> passwd = /etc/passwd
UfFRml> # shadow = /etc/shadow

UfFRml> Then you will get an error:

UfFRml> Wed Oct 9 17:51:06 2002 : Info: HASH: Reinitializing hash structures
UfFRml> and lists for caching...
UfFRml> Wed Oct 9 17:51:06 2002 : Error: rlm_unix: You MUST specify a shadow
UfFRml> password file!
UfFRml> Wed Oct 9 17:51:06 2002 : Error: HASH: unable to create user hash table.
UfFRml> disable caching and run debugs
UfFRml> Wed Oct 9 17:51:06 2002 : Error: radiusd.conf[462]: unix: Module
UfFRml> instantiation failed.

UfFRml> If you say "no" to the "cache" option:

UfFRml># For FreeBSD, you do NOT want to enable the cache,
UfFRml> # as it's password lookups are done via a database.
UfFRml> #
UfFRml> # allowed values: {no, yes}
UfFRml> cache = no

UfFRml> It loads up just fine.

UfFRml> Is there something I'm missing or is this the default behavior of this
UfFRml> setup?

UfFRml> Thanks,

UfFRml> Ken Rea

--
~/ZARAZA
Thus this way is cheaper and easier to reach for whoever is able to reach it. (Twain)
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
I get similar behaviour with mine (FreeRadius 0.4 debian testing package, 2.4.18 kernel).

I just set a new box to auth against /etc/raddb/passwd and /etc/raddb/shadow. The only way I could get it to work is with caching.

However, on the original radius server that the passwd and shadow file originate from, I have caching disabled, and am NOT specifying the location of the shadow file. And that is the only way I can get that box to work.

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

- Original Message -
From: "User for Free Radius mail list" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 10, 2002 11:11 AM
Subject: Cache /etc/passwd, /etc/shadow, and /etc/group

>
> System = Linux with kernel 2.4.18
>
> In the radiusd.conf file:
> The "Cache" setup does not work if you do not use shadow passwords. If the
> "shadow" line is left at the default value: (ie commented out)
>
> To force the module to use the system password functions,
> # instead of reading the files, comment out the 'passwd'
> # and 'shadow' configuration entries. This is required
> # for some systems, like FreeBSD.
> #
> passwd = /etc/passwd
> # shadow = /etc/shadow
>
> Then you will get an error:
>
> Wed Oct 9 17:51:06 2002 : Info: HASH: Reinitializing hash structures
> and lists for caching...
> Wed Oct 9 17:51:06 2002 : Error: rlm_unix: You MUST specify a shadow
> password file!
> Wed Oct 9 17:51:06 2002 : Error: HASH: unable to create user hash table.
> disable caching and run debugs
> Wed Oct 9 17:51:06 2002 : Error: radiusd.conf[462]: unix: Module
> instantiation failed.
>
> If you say "no" to the "cache" option:
>
> ># For FreeBSD, you do NOT want to enable the cache,
> # as it's password lookups are done via a database.
> #
> # allowed values: {no, yes}
> cache = no
>
> It loads up just fine.
>
>
> Is there something I'm missing or is this the default behavior of this
> setup?
>
> Thanks,
>
> Ken Rea