(ASCEND) NISplus + Radius

[Stuart Kendrick <skendric@fhcrc.org>]

Hi Jason,

I run radiusd in a NIS+ environment, works fine.

Here are the issues which slowed me down:

UIDs have to have valid accounts on the Radius server, e.g. they have to
be allowed to login and must have valid shells.  This doesn't mean that
you have to let them do anything on your Radius server!  Give them a shell
of /bin/true, for instance.

Here is a test methodology:
-Add a user to /etc/passwd via the usual methods.
-Can you telnet to the Radius server and login?
-If so, then you should be able to authenticate via Radius
-Can you su to a sample NIS+ user?  If not, then Radius won't authenticate
the user.

Now, the proper way to support Radius in a NIS+ environment is to hack the
radiusd to consult custom "users.org_dir", "authfile.org_dir", and
"clients.org_dir" tables.  But that requires work, and I'm using Access
Control now anyway, I'm reluctant to maintain my own code base.

--sk

Stuart Kendrick
Network Services
FHCRC

From: Jason Browning <jasonb@intertex.net>
Date: Thu, 12 Feb 1998 23:16:15 -0600 (CST)
Subject: (ASCEND) NISplus + Radius = No Bueno!

>=|,
        I'm in the process of moving radiusd to a Sun running NIS+.  All
my users authenticate using Password = "UNIX".  Debug mode reveals that
radiusd is able to find the users, but NIS+ doesn't like the passwords
anyone gives.

Here's my setup:

DES Security Level: 0  (rpc.nisd -S 0)
In /etc/nsswitch.conf:
        passwd: files nisplus
        groups: files nisplus

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

---

• Prev by Date: (ASCEND) List of hidden commands in Diagnostics for Max4K
• Next by Date: re: (ASCEND) TNT Hangup.
• Prev by thread: Re: (ASCEND) NISplus + Radius = No Bueno!
• Next by thread: (ASCEND) List of hidden commands in Diagnostics for Max4K
• Index(es):
  • Main
  • Thread