> We had this problem about 6 months ago and I really wish I could remember
> what I did (searching through my engineering notebooks is a nightmare).
> We did a few things, though.
I'm sure there's something really dumb and stupid I'm overlooking.
> We added the portmaster to the /etc/hosts.equiv file.
Did that. The Portmaster is router.esva.net at 205.157.137.1, and our
hosts.equiv is:
router
router.esva.net
205.157.137.1
(not indented).
> We also removed all the users from the users
> table on the PM and allowed RADIUS to do all authentication.
Did that.
> We also
> tried using "UNIX" as the password to let the challenge go to
> /etc/passwd, I believe. I eventually moved over to putting passwords in
> the RADIUS users file.
We have no UNIX entry. All passwords are in the RADIUS users file.
> Also, if you are still using a users table
> you will want to check the Pass-Thru Login field to determine
> whether the host will authenticate or RADIUS.
The user table is empty. All ports are set to "Netwrk (Dial-In) (Security)".
> Here's an example entry I have for a shell user.
>
> shelluser Password = "blahblah"
>         User-Service-Type = Login-User,
>         Login-Host = 204.68.227.1,
>         Login-Service = PortMaster
Tried that. Also Login-Service=Rlogin or Telnet. None works. Also, the
docs are kinda vague on what the heck the "PortMaster" service is. Does
anyone know?
At any rate, I just now tried it with this entry in /etc/raddb/users
(password changed to protect the guilty):
leo Password = "yatayata", Expiration = "Jan 1, 1996"
        User-Service-Type = Login-User,
        Login-Host = 205.157.137.10,
        Login-Service = Portmaster
Still no joy.
> Again, I don't know if this will help you. Hell, I'm not 100% sure this
> is *all* we did, but maybe it'll help you kick the can a bit further. I
> think I've come to realize that it's not *how* the bear dances, but that
> the bear dances at all.
So far, my bear ain't dancing yet. After login and password I just get
the login prompt again. No console messages. This gets added to the
RADIUS log:
Thu Sep 14 20:07:26 1995: Authenticate: from router.esva.net - Invalid User: thom
and this gets added to /var/log/termlog:
Sep 14 20:07:26 router dialnet: port S2 thom login failed
What it all means, I haven't a clue. My best guess at this point is that
there is some simple thing one has to do to a UNIX box to make it accept
rlogins, but nobody has mentioned it to me because they all assume that
of COURSE I must have done THAT! Something like the /etc/hosts.equiv
thing, which I found in my own reading rather than hearing it from
Livingston or BSDI tech support.
> Good luck.
Thanks. I think I'm gonna need it! <grin>
--
("`-/")_.-'"``-._ Leo Savage
. . `; -._ )-;-,_`)
(v_,)' _ )`-.\ ``-' leo@esva.net
_.- _..-_/ / ((.'
((,.-' ((,/ http://www.esva.net/~leo/