(RADIATOR) Shadow Perl module and Radiator

Hugh Irvine hugh at open.com.au
Fri Aug 17 19:16:18 CDT 2001


Hello Pascal -

What user are you running Radiator as?

And can you send me a copy ot the configuration file (no secrets) together 
with a trace 4 debug showing what is happening?

thanks

Hugh


On Friday 17 August 2001 22:28, Pascal Robert wrote:
> > Hello Pascal -
> >
> > I have just noticed this in the trace output:
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878,
> >>>> 700, , , Test Test, /home/test2001, /bin/ksh
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match
> >>>> with test2001
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE:
> >>>> Bad Encrypted password
> >>>> Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad
> >>>> Encrypted password
> >
> > Notice the "*NP*" for the password field - this will always be a Bad
> > Encrypted Password.
> >
> > What happens when you use an AuthBy UNIX and point it at the shadow
> > password file (usually /etc/shadow)?
>
> All users are in NIS+.  When I use <AuthBy NIS+>, I get a Access-Reject but
> the reason of the failure is empty in the log and the reply.  Using
> standard fields and tables of NIS+.
>
> > On Thursday 16 August 2001 22:16, Pascal Robert wrote:
> >> I'm using radpwtest to test it, it's using PAP right ?
> >>
> >>> Hello Pascal -
> >>>
> >>> It looks like you are using CHAP authentication? If so, it won't work.
> >>>
> >>> You can only use PAP authentication with encrypted passwords.
> >>>
> >>> hth
> >>>
> >>> Hugh
> >>>
> >>> On Thursday 16 August 2001 03:20, Pascal Robert wrote:
> >>>> Hi,
> >>>>
> >>>> I'm trying to get a legacy realm working, it's a Solaris 2.6 SPARC
> >>>> system. I installed the Shadow module as indicated in the
> >>>> documentation (in fact, it's two modules: Shadowf.pm and Shadows.pm),
> >>>> but all auth fails:
> >>>>
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: Handling with Radius::AuthSYSTEM
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: getpwnam got test2001, *NP*, 8878,
> >>>> 700, , , Test Test, /home/test2001, /bin/ksh
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM looks for match
> >>>> with test2001
> >>>> Wed Aug 15 13:07:11 2001: DEBUG: Radius::AuthSYSTEM REJECT_IMMEDIATE:
> >>>> Bad Encrypted password
> >>>> Wed Aug 15 13:07:11 2001: INFO: Access rejected for test2001: Bad
> >>>> Encrypted password
> >>>>
> >>>> This is the realm in my configuration file:
> >>>>
> >>>> <Realm mlink.net>
> >>>>         RewriteUsername s/^([^@]+).*/$1/
> >>>>         RewriteUsername tr/A-Z/a-z/
> >>>>         RejectHasReason
> >>>>         AcctLogFileName %L/detail.%Y%m%d
> >>>>         PasswordLogFileName %L/mlink.passwd.%Y%m%d
> >>>>
> >>>>         <AuthBy SYSTEM>
> >>>>
> >>>>                 UseGetspnamf
> >>>>
> >>>>         </AuthBy>
> >>>> </Realm>
> >>>>
> >>>>
> >>>> All accounts that I tested are showing the same behaviour, even if the
> >>>> password on the system are all good.
> >>>>
> >>>> Any ideas ?

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list