RE: authenticate via etc/shadow intead of users
Authentication requests currently come from cisco routers and switches mostly, probably would have to add servers as well in future. Sodoes it mean that freeradius server will respond by default to the requests from cisco routers and switches whose users I have added in etc/shadow? From: ggat...@waddell.com To: freeradius-users@lists.freeradius.org Date: Mon, 21 Mar 2011 15:41:07 -0500 Subject: RE: authenticate via etc/shadow intead of users Yup – I *think* the “unix” module (*nix) is enabled by default, so it should just work. Perhaps check your radiusd.conf and $radius/sites-enabled/default to ensure it’s enabled. But, I guess it may depend on what type of authentication requests you are speaking of. From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On Behalf Of Raheel Itrat Sent: Monday, March 21, 2011 3:11 PM To: freeradius-users@lists.freeradius.org Subject: RE: authenticate via etc/shadow intead of users Thanks Alan, what I am actually trying to achieve is to authenticate users against our Linux /etc/shadow or /etc/password/ files. I don't want to use the USERS file as it stores passwords in clear text which is what we're trying to avoid. Hi, I am a newbie to free radius, I need to know what changes are required in radiusd.conf or any other file in order to authenticate clients requests through local machine users(etc/passwd or etc/shadow) instead of making users in the raddb/users file. add users to the system passwd/shadow file, ensure that the 'unix' module is enabled. answer based on the scarce info provided alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authenticate via etc/shadow intead of users
Hi, I am a newbie to free radius, I need to know what changes are required in radiusd.conf or any other file in order to authenticate clients requests through local machine users(etc/passwd or etc/shadow) instead of making users in the raddb/users file. Cheers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authenticate via etc/shadow intead of users
Hi, I am a newbie to free radius, I need to know what changes are required in radiusd.conf or any other file in order to authenticate clients requests through local machine users(etc/passwd or etc/shadow) instead of making users in the raddb/users file. add users to the system passwd/shadow file, ensure that the 'unix' module is enabled. answer based on the scarce info provided alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authenticate via etc/shadow intead of users
Thanks Alan, what I am actually trying to achieve is to authenticate users against our Linux /etc/shadow or /etc/password/ files. I don't want to use the USERS file as it stores passwords in clear text which is what we're trying to avoid. Hi, I am a newbie to free radius, I need to know what changes are required in radiusd.conf or any other file in order to authenticate clients requests through local machine users(etc/passwd or etc/shadow) instead of making users in the raddb/users file. add users to the system passwd/shadow file, ensure that the 'unix' module is enabled. answer based on the scarce info provided alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authenticate via etc/shadow intead of users
Yup - I *think* the unix module (*nix) is enabled by default, so it should just work. Perhaps check your radiusd.conf and $radius/sites-enabled/default to ensure it's enabled. But, I guess it may depend on what type of authentication requests you are speaking of. From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On Behalf Of Raheel Itrat Sent: Monday, March 21, 2011 3:11 PM To: freeradius-users@lists.freeradius.org Subject: RE: authenticate via etc/shadow intead of users Thanks Alan, what I am actually trying to achieve is to authenticate users against our Linux /etc/shadow or /etc/password/ files. I don't want to use the USERS file as it stores passwords in clear text which is what we're trying to avoid. Hi, I am a newbie to free radius, I need to know what changes are required in radiusd.conf or any other file in order to authenticate clients requests through local machine users(etc/passwd or etc/shadow) instead of making users in the raddb/users file. add users to the system passwd/shadow file, ensure that the 'unix' module is enabled. answer based on the scarce info provided alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html font size=1 div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in' /div This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system. /font - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authenticate via etc/shadow intead of users
Hi, Thanks Alan, what I am actually trying to achieve is to authenticate users against our Linux /etc/shadow or /etc/password/ files. I don't want to use the USERS file as it stores passwords in clear text which is what we're trying to avoid. it CAN store the passwords in clear text - it can also have them encrypted eg SHA1 (man rlm_pap) - but it depends what type of authentication you want to use. you can also store in NThash format (which will give you better compatibility) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html