Re: Password conflict between Radius Server and Machine account
I am really sorry Ivan. I am very new to radius and have not gone in depth. Thanks a lot. I can see the expected behavior after commenting unix in authorize :) Regards, Dhandapani Ivan Kalik wrote: And I couldn't find the 'authorize' config file anywhere in my server. Oh, dear. How are you going to use the server when you don't know even the most basic things about it? Authorize is a section in the default virtual server (raddb/sites-enabled/default). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Password-conflict-between-Radius-Server-and-Machine-account-tp24055968p24067553.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Password conflict between Radius Server and Machine account
Hi,
When I was trying to authenticate ssh login through radius server, I noticed
an conflict issue with password.
I have a linux machine-1 in which radius server is installed. I have
configured an user with name/password as root/public in
/usr/local/etc/raddb/users. But the linux machine already have a 'root' user
account with password 'public123'.
Now I tried to ssh machine-2 with username 'root' and password 'public'. SSH
of this machine-2 is configured with above radius server for authentication.
But the radius server rejects the access-request and log as below.
-
++[unix] returns updated
[files] users: Matched entry root at line 107
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password public
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
---
Note the highlighted lines. First line says '[unix] returns updated. Later
says 'password doesn't match'.
But if I try with Machine-1 password 'public123', it accepts the request.
So looks like that the radius server authenticates with machine password
not using the configured one.
Please clarify me if you have faced this issue.
Regards,
Dhandapani
--
View this message in context:
http://www.nabble.com/Password-conflict-between-Radius-Server-and-Machine-account-tp24055968p24055968.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password conflict between Radius Server and Machine account
When I was trying to authenticate ssh login through radius server, I noticed an conflict issue with password. I have a linux machine-1 in which radius server is installed. I have configured an user with name/password as root/public in /usr/local/etc/raddb/users. But the linux machine already have a 'root' user account with password 'public123'. Comment out unix in authorize. Don't store passwords for same username in several places. Pick one. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password conflict between Radius Server and Machine account
Thanks Ivan. My requirement falls in the situation where the radius server will configure a user which may be already configured machine. And I couldn't find the 'authorize' config file anywhere in my server. May I know the exact file/path, the unix should be commented. I am using RedHat Linux. Regards, Dhandapani Ivan Kalik wrote: When I was trying to authenticate ssh login through radius server, I noticed an conflict issue with password. I have a linux machine-1 in which radius server is installed. I have configured an user with name/password as root/public in /usr/local/etc/raddb/users. But the linux machine already have a 'root' user account with password 'public123'. Comment out unix in authorize. Don't store passwords for same username in several places. Pick one. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Password-conflict-between-Radius-Server-and-Machine-account-tp24055968p24058723.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password conflict between Radius Server and Machine account
And I couldn't find the 'authorize' config file anywhere in my server. Oh, dear. How are you going to use the server when you don't know even the most basic things about it? Authorize is a section in the default virtual server (raddb/sites-enabled/default). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
