Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(ASCEND) NISplus and Radius
Hi Troy,
I do this, e.g. use NIS+ under Solaris 2.6 to authenticate Radius users.
Here are the gotchas I recall:
-The user must have a valid account on the box hosting the Radius daemon.
If you can't "su - username", then Radius will refuse access. My users
have a shell of /bin/passwd -- /bin/true would be fine, also. Remember
that the user's shell must exist in /etc/shells.
-I use netgroups to control access to given machines. Using netgroups,
the passwd lines in /etc/nsswitch.conf look like:
# The next two lines enable the use of netgroups
passwd: compat
passwd_compat: nisplus
And the tail end of /etc/passwd and shadow look like:
/etc/passwd
...
ssmith:x:24178:96:Susan Smith:/home/ssmith:/bin/passwd
+@ops:x:::::
+@mach-only:x:::::
+@remote-only:x:::::
+@unix-admin:x:::::
/etc/shadow
...
ssmith:{encrypted whatever}:10389::::::
+@ops::9928::::::
+@mach-only:9928:::::::
+@remote-only:9928:::::::
+@unix-admin::9928::::::
If you don't use netgroups, then you don't care about this stuff.
Hmmm, that's all I remember. Valid shell and netgroups.
--sk
Stuart Kendrick
FHCRC
From: Troy High <thigh@smatnet.net>
Date: Mon, 31 Aug 1998 23:51:37 -0400 (EDT)
Subject: (ASCEND) NISplus and Radius
Hello All,
I've recently installed Ascend's Radius on Solaris 2.6 and I'm using
NIS+. I have had a lot of difficulty getting this to work correctly and
particularly when I use ' password = "UNIX" ' accounts. These accounts
cannot authenticate correctly when I use Radius and NISplus. I have
tried changing password to 'compat' in my nsswitch.conf but it doesn't
improve things really.
Has anyone already fought this battle before? I would love to hear from
you as it appears that there are some tricks to getting it to work.
Thanks in Advance,
Troy High
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>