OK, I think I've got it sussed.    Radiusd was running as radiusd user
and didn't have access to /etc/shadow and /etc/passwd  - at least I
figured it out...

Take care all.
Ta
matthew 

-----Original Message-----
From: Matthew Western, IT Support, Lonsdale 
Sent: Thursday, 5 August 2004 5:02 PM
To: [EMAIL PROTECTED]
Subject: Complete novice starting out.

Hi All,

My long term plan is to get a Cisco 1721 to authenticate against
freeRadius -> just the unix passwords '/etc/passwd' for VPN.    

I've spent the day reading various how-tos and am making progress and
learning new terms but I can't get a basic test working even from the
command line unless I change the Default Auth-Type to Accept in the
users file:
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
#DEFAULT        Auth-Type = Accept
DEFAULT Auth-Type = System
        Fall-Through = 1

So I've just started from scratch, uninstalled freeRADIUS completely and
reinstalled so as to get back to all the default conf files.

From the command line I type:
/usr/sbin/radiusd -X -A
To get the server running in debug mode.

Then in another session:
[EMAIL PROTECTED] raddb]# radtest root "123456" 127.0.0.1 1 testing123
Sending Access-Request of id 151 to 127.0.0.1:1812
        User-Name = "root"
        User-Password = "123456"
        NAS-IP-Address = testmachine.sola.com.au
        NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=151,
length=20


The debug output of the server:
------------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=183,
length=56
        User-Name = "root"
        User-Password = "123456"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "eap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "root", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate for request 0
rlm_unix: [root]: invalid password
  modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 183 to 127.0.0.1:32769
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 183 with timestamp 4111f018
Nothing to do.  Sleeping until we see a request.
---------------------------------------------------------

It's driving me bananas.  If I change the default from System to Accept
it works fine....   Can anybody even point to a basic HOWTO to get me
started???

My resources that I'm using to try and get it going are:
Getting Started with FreeRADIUS  http://www.onlamp.com/lpt/a/3044
The FreeRADIUS FAQ from http://www.freeradius.org/faq/
And the doc files included with v 0.9.3 which aren't real specific.

Thanks in anticipation.

Regards
Matthew


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
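
The cause reported in the reply at the top of this message (the radiusd account lacking read access to /etc/shadow) can be confirmed with a mode-bit check like the one below. This is an added example, not part of the original thread or of FreeRADIUS; the function names are hypothetical, and it assumes GNU `stat -c` and classic Unix permissions only.

```shell
#!/bin/sh
# Added example, not from the thread. Checks classic Unix mode bits only;
# ACLs, SELinux and capabilities are not considered.

# has_bit OCTAL_MODE OCTAL_MASK: true if the mask bit is set in the mode.
has_bit() { [ $(( 0$1 & $2 )) -ne 0 ]; }

# mode_allows_read UID "GIDS" FILE_UID FILE_GID OCTAL_MODE
# Returns 0 if read is granted, 1 if not. Like the kernel, only the first
# matching class (owner, then group, then other) is consulted.
mode_allows_read() {
    m_uid=$1; m_gids=$2; f_uid=$3; f_gid=$4; f_mode=$5
    if [ "$m_uid" -eq 0 ]; then return 0; fi          # root bypasses mode bits
    if [ "$m_uid" -eq "$f_uid" ]; then
        if has_bit "$f_mode" 0400; then return 0; else return 1; fi
    fi
    for g in $m_gids; do
        if [ "$g" -eq "$f_gid" ]; then
            if has_bit "$f_mode" 0040; then return 0; else return 1; fi
        fi
    done
    if has_bit "$f_mode" 0004; then return 0; else return 1; fi
}

# check_daemon_read USER FILE: look up the real ids and report.
# Returns 0 readable, 1 not readable, 2 lookup failed. Uses GNU stat -c.
check_daemon_read() {
    d_uid=$(id -u "$1" 2>/dev/null) || return 2
    d_gids=$(id -G "$1")
    d_stat=$(stat -c '%u %g %a' "$2" 2>/dev/null) || return 2
    set -- "$1" "$2" $d_stat          # $3=owner uid, $4=group gid, $5=mode
    if mode_allows_read "$d_uid" "$d_gids" "$3" "$4" "$5"; then
        echo "$1 can read $2 (owner $3, group $4, mode $5)"
    else
        echo "$1 CANNOT read $2 (owner $3, group $4, mode $5)"
        return 1
    fi
}

# Usage: sh check.sh radiusd /etc/shadow   (account name as in the thread)
if [ "$#" -eq 2 ]; then check_daemon_read "$1" "$2"; fi
```

Where the file is group-readable, adding the daemon account to the group that owns it grants the read without running the server as root; which group that is depends on the distribution.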
