Authenticating from a file is working now...

# radiusd -d -f /etc/radius/radiusd.conf
2024-08-17 15:37:00:INFO: Start listening on [redacted]:1812/udp
2024-08-17 15:37:00:DEBUG: Module `file' started successfully
2024-08-17 15:37:00:INFO: radius: Use [redacted]:32271 to send requests for [redacted]:1812
2024-08-17 15:37:00:DEBUG: Module `radius' started successfully
2024-08-17 15:37:00:DEBUG: Module `strip-realm' started successfully



and...

# radiusctl test [redacted] secret mytest password [redacted]
Sending:
    Id                        = 53
    Code                      = Access-Request(1)
    Message-Authenticator     = (Present)
    User-Name                 = "mytest"
    User-Password             = "[redacted]"
    NAS-Port                  = 0
    NAS-IP-Address            = [redacted]

Received:
    Id                        = 53
    Code                      = Access-Accept(2)
    Authenticator             = Verified
    Message-Authenticator     = Verified



Once again, many thanks for your assistance!



On 8/16/2024 11:11 PM, YASUOKA Masahiko wrote:
> Hi,
> 
> On Fri, 16 Aug 2024 19:29:58 -0400
> Mike <the.li...@mgm51.com> wrote:
>> It's me again... :)
>>
>> OK, working in OpenBSD [hostname] 7.6 GENERIC.MP#247 amd64
>>
>>
>> I was able to get bsdauth to work successfully.
>>
>> So, now I have moved to looking at file auth.
>>
>> In man radiusd_file I see...
>> ---
>> CONFIGURATIONS
>>      The module supports the following configuration key and value:
>>
>>      path path
>>              The path for the file written in the syntax described in
>>              npppd-users(5).
>> ---
>>
>>
>> So, in my radiusd.conf I place:
>>
>> ---
>> module load file "/usr/libexec/radiusd/radiusd_file path
>> /etc/radius/radiusd.users"
>> ---
> 
> You needed to configure if you use the old syntax.
> 
>   module load file "/usr/libexec/radiusd/radiusd_file"
>   module set file path "/etc/radiusd/radiusd.users"
> 
> But, I'll recommend you to use new syntax for 7.6 and after,
> 
>   module file {
>     set path "/etc/radiusd/radiusd.users"
>   }
> 
> Now module path of /usr/libexec... can be omitted.
> 
> As an example for users who want to use a local file,
> 
> For users who want to use radiusd for iked,
> 
> ---
> client 127.0.0.1/32 {
>         secret "SECRET"
> }
> 
> module file {
>     set path "/etc/npppd/npppd-users"
> }
> module eap2mschap
> 
> authentication-filter * by eap2mschap
> authenticate * by file
> ---
> 
>> And I see ...
>>
>> ---
>> # radiusd -d -f /etc/radius/radiusd.conf
>> Failed to execute /usr/libexec/radiusd/radiusd_file path
>> /etc/radius/radiusd.users: No such file or directory
>>
>> Could not load module `file': module didn't respond
>> /etc/radius/radiusd.conf:28: module `file' is not found
>> radiusd: config error
>>
>> [root@t05-openbsd76 /etc/radius] # ls -al /etc/radius/radiusd.users
>> -rw-r--r--  1 root  wheel  391 Aug 16 18:51 /etc/radius/radiusd.users
>> ---
>>
>> Where have I gone astray?
>>
>> (suggestion, maybe provide an example in the radiusd_file man page to
>> show how the syntax for the file path should be presented.)
> 
> Yes, I wrote an example in
> https://man.openbsd.org/radiusd_eap2mschap.8
> But I'm exhausted at there :).  I'll update the man pages and examples
> in few weeks.  Thanks,
> 
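
The quoting mistake discussed in this thread can be caught before starting the daemon. The following is an added example, not part of the original messages or of OpenBSD: the function name `lint_module_load`, the module name `file2` and the sample config are constructed for illustration. It flags old-syntax `module load` lines whose quoted string contains whitespace, since radiusd tries to execute that whole string as one path.

```shell
#!/bin/sh
# lint_module_load FILE
# Report old-syntax 'module load NAME "STRING"' lines where STRING contains
# a space or tab. Exit status is 1 if any such line is found, 0 otherwise.
lint_module_load() {
    awk '
    $1 == "module" && $2 == "load" && match($0, /"[^"]*"/) {
        # Text between the first pair of double quotes on the line.
        s = substr($0, RSTART + 1, RLENGTH - 2)
        if (s ~ /[ \t]/) {
            printf "%s:%d: module %s: \"%s\" is run as a single path\n",
                FILENAME, NR, $3, s
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 1 repeats the failing form from the thread,
# lines 2-3 use the corrected old-syntax form (load, then set).
sample=$(mktemp)
cat > "$sample" <<'EOF'
module load file "/usr/libexec/radiusd/radiusd_file path /etc/radius/radiusd.users"
module load file2 "/usr/libexec/radiusd/radiusd_file"
module set file2 path "/etc/radius/radiusd.users"
EOF
lint_module_load "$sample" || echo "move settings to 'module set' lines"
rm -f "$sample"
```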
