
Unix Module

The unix module calls the system getpwnam() function to get the known good password for the User-Name.

If the passwords are in /etc/shadow, you will need to set the group configuration in radiusd.conf so that the server can read /etc/shadow.

Look for "shadow", and follow the instructions there.

This password is usually in the crypt form, and is incompatible with CHAP, MS-CHAP, PEAP, etc.
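Why a crypt-form password works for PAP but not for CHAP, shown as an added example that is not part of the FreeRADIUS documentation or source. It assumes a salted SHA-256 as a stand-in for crypt(3); the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for crypt(3): salted SHA-256, NOT the real crypt algorithm."""
    return hashlib.sha256(salt + password).digest()


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP: response = MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def verify_pap(submitted: bytes, salt: bytes, stored: bytes) -> bool:
    """PAP delivers the password itself, so the server can hash and compare."""
    return hmac.compare_digest(one_way_hash(submitted, salt), stored)


def verify_chap(chap_id: int, challenge: bytes, response: bytes,
                known_secret: bytes) -> bool:
    """CHAP never sends the password; the server must recompute the MD5
    over whatever secret it holds for the user."""
    expected = chap_response(chap_id, known_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    password = b"correct horse"            # constructed sample password
    salt = b"ab12cd34"                     # constructed sample salt
    stored = one_way_hash(password, salt)  # all the server gets from the system

    # PAP: the submitted password can be hashed and matched against the store.
    pap_ok = verify_pap(password, salt, stored)

    # CHAP: the client computes its response from the cleartext password.
    chap_id, challenge = 7, bytes(range(16))
    response = chap_response(chap_id, password, challenge)

    # Holding only the one-way hash, the server cannot reproduce the response.
    chap_with_hash = verify_chap(chap_id, challenge, response, stored)
    # Only a server that holds the cleartext could verify it.
    chap_with_clear = verify_chap(chap_id, challenge, response, password)
    return pap_ok, chap_with_hash, chap_with_clear


if __name__ == "__main__":
    print(demo())
```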

Group Comparisons

The module also registers a Unix group expansion, where it is possible to check if the user is a member of a particular Unix group.

if (%unix.group(admin)) { ...

The expansion returns true if the User-Name is a member of the given group, and false otherwise.

The old Unix-Group, Group, and Group-Name attributes and comparisons are no longer supported.

Configuration Settings

radwtmp

The location of the wtmp file.

This file is used only by radlast. If you don’t use radlast, then you can comment out this item.

The radwtmp file may get large! You should rotate it (cp /dev/null radwtmp), or just not use it.

The default is to not use radwtmp files. It’s better to use a database.

Default Configuration

unix {
#	radwtmp = ${logdir}/radwtmp
}