Radius 2.0 and NIS...

draggy (draggy@kosmic.org)
Wed, 7 May 1997 12:41:42 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Philip Farr: "USED PM2E30s and USR Modems"
Previous message: Rick Wagner: "Abort errors and CRC errors on PMs ??"

Hi,
I'm trying to run a secondary radius server on a system using NIS.
And I'm running into problems.

My default entry for PPP users is:

DEFAULT Auth-Type = System,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP,
Idle-Timeout = 1800,
Session-Timeout = 16200

When I stop the primary server and requests are sent to this server,
requests are declined. In debug mode I see:

Wed May 7 11:31:30 1997: [24037] radrecv: Request from host xxx.xxx.xxx.xxx code=1, id=84, length=67
Wed May 7 11:31:30 1997: [24037] User-Name = "USER"
Wed May 7 11:31:30 1997: [24037] Password = "Mangled passwd"
Wed May 7 11:31:30 1997: [24037] NAS-IP-Address = xxx.xxx.xxx.xxx
Wed May 7 11:31:30 1997: [24037] NAS-Port = 26
Wed May 7 11:31:30 1997: [24037] NAS-Port-Type = Async
Wed May 7 11:31:31 1997: [24399] unix_pass: getpwnam for<USER> failed
Wed May 7 11:31:31 1997: [24399] Sending Reject of id 84 to pm2 (xxx.xxx.xxx.xxx)

I run my NIS server in Debug mode and I don't see any of the requests that
should be coming in. Though it does map alright since I can use other
services like ftp, and the NIS lookup for the password happens. And
ypmatch works with the failing users.

ypmatch USERNAME passwd
USERNAME:12fzrsJ2tTD/A:1163:100:,,,:/usr/home/USERNAME:/bin/noshell

I searched for "NIS" in the provided and online docs,

The Configuration Guide says "The server can authenticate users against a
UNIX password file, NIS databases, or a separately maintained radius
database" so I figured it should work.

The Radius Administrator guide makes no mention of NIS, other than
if the radiusd server runs on a NIS client, the "service" map of the NIS
server should include the radius,raddact entries, which 1. doesn't relate
to passwd lookups, 2. is useless in my case since I don't map the
/etc/services file.

I should also point out that if I disable NIS, the lookup work
fine using the standard password file.

Does anyone who've got it working or knows what I'm doing wrong
contact me!

Thanks.

Nick.

P.S. the radiusd is running on BSD/OS 3.0

Next message: Philip Farr: "USED PM2E30s and USR Modems"
Previous message: Rick Wagner: "Abort errors and CRC errors on PMs ??"