(RADIATOR) Shadow Perl module and Radiator

Hugh Irvine hugh at open.com.au
Thu Aug 16 18:33:10 CDT 2001


Hello Pascal -

I have just noticed this in the trace output:

> >> Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM
> >> Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878, 700,
> >> , , Test Test, /home/test2001, /bin/ksh
> >> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match with
> >> test2001
> >> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE:
> >> Bad Encrypted password
> >> Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad
> >> Encrypted password

Notice the "*NP*" for the password field - this will always be a Bad 
Encrypted Password.

What happens when you use an AuthBy UNIX and point it at the shadow password 
file (usually /etc/shadow)?

regards

Hugh


On Thursday 16 August 2001 22:16, Pascal Robert wrote:
> I'm using radpwtest to test it, it's using PAP right ?
>
> > Hello Pascal -
> >
> > It looks like you are using CHAP authentication? If so, it won't work.
> >
> > You can only use PAP authentication with encrypted passwords.
> >
> > hth
> >
> > Hugh
> >
> > On Thursday 16 August 2001 03:20, Pascal Robert wrote:
> >> Hi,
> >>
> >> I'm trying to get a legacy realm working, it's a Solaris 2.6 SPARC
> >> system. I installed the Shadow module as indicated in the documentation
> >> (in fact, it's two modules: Shadowf.pm and Shadows.pm), but all auth
> >> fails:
> >>
> >> Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM
> >> Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878, 700,
> >> , , Test Test, /home/test2001, /bin/ksh
> >> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match with
> >> test2001
> >> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE:
> >> Bad Encrypted password
> >> Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad
> >> Encrypted password
> >>
> >> This is the realm in my configuration file:
> >>
> >> <Realm mlink.net>
> >>         RewriteUsername s/^([^@]+).*/$1/
> >>         RewriteUsername tr/A-Z/a-z/
> >>         RejectHasReason
> >>         AcctLogFileName %L/detail.%Y%m%d
> >>         PasswordLogFileName %L/mlink.passwd.%Y%m%d
> >>
> >>         <AuthBy SYSTEM>
> >>
> >>                 UseGetspnamf
> >>
> >>         </AuthBy>
> >> </Realm>
> >>
> >>
> >> All accounts that I tested are showing the same behaviour, even if the
> >> password on the system are all good.
> >>
> >> Any ideas ?

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list