xhon n00b

Joined: 05 Jan 2006 Posts: 3
Posted: Thu Jan 05, 2006 7:29 pm Post subject: basic freeradius problem
my problem is really very simple
System authentication doesn't work !
radius starts
it loads the unix module:
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group" <--- I had to enter these filenames in radiusd.conf !!!
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
"users" file without any changes
so every user matches default and gets System authenticated
"clients.conf" also with no changes, with localhost and testing123 password
however, when I try to do radtest I get an Access-reject
it works, when I put my username and password in users file
like this:
xhon Password == "password"
    Reply-message = "hello"
I have exactly the same configuration on my laptop (fedora 4)
and it works
anyone ? it must be some stupid mistake ..
--
xhon
xhon n00b

Joined: 05 Jan 2006 Posts: 3
Posted: Fri Jan 06, 2006 6:05 am Post subject: some more debug info
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=129, length=56
User-Name = "xhon"
User-Password = "password"
NAS-IP-Address = 255.255.255.255
NAS-Port = 10
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "xhon", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 157
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_unix: [xhon]: invalid password
modcall[authenticate]: module "unix" returns reject for request 1
modcall: group authenticate returns reject for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--------------------------
rlm_unix reports "invalid password"
but the password is correct
another question: why NAS-IP-Address = 255.255.255.255 ?
why it is not localhost ip address ?
neonknight Guru


Joined: 19 Jul 2003 Posts: 357 Location: Zurich, Switzerland
Posted: Mon Jan 16, 2006 8:07 pm
Indeed a good question.
I'm stuck with the same problem and I see two possible solutions this far:
- either change ownership of /etc/shadow (I don't really want to do this...)
- use PAM (which I can't get to work...)
neonknight Guru


Joined: 19 Jul 2003 Posts: 357 Location: Zurich, Switzerland
Posted: Fri Jan 20, 2006 5:20 pm
Wuahahaha, forget that last one...
I've tried half of the afternoon to get it working. And I found out that PAM works under two conditions:
1) start radiusd as a non-privileged user and use the following /etc/pam.d/radiusd
Code:
auth required pam_permit.so
account required pam_permit.so
password required pam_permit.so
session required pam_permit.so

This will always say yes.
2) start radiusd as root and use the following /etc/pam.d/radiusd
Code:
auth required pam_unix.so shadow
account required pam_unix.so
password required pam_unix.so shadow use_authtok
session required pam_unix.so

This will only accept the user, if the username and password match those in /etc/passwd.
Very funny, indeed. What a waste of time... If I had known that before, then I would have used the unix module, which also needs root privileges anyway but is not such a pain to configure!
Why does radiusd need to be run as root, even if it authenticates via PAM?
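Added example, not part of any post in this thread: a small shell check for the situation discussed above, where rlm_unix reports "invalid password" for a correct password. It assumes the unix module can only compare passwords when the account radiusd runs as can read the files configured as passwd and shadow; the function name check_unix_auth_source and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread). Reports where a user's
# password hash lives and whether the *current* account can read it.
# check_unix_auth_source is a hypothetical helper name.
# Usage: check_unix_auth_source USER [PASSWD_FILE] [SHADOW_FILE]
check_unix_auth_source() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shadow_file=${3:-/etc/shadow}

    # Field 2 of the passwd entry; "x" means the hash is kept in shadow.
    entry=$(awk -F: -v u="$user" '$1 == u { print "F:" $2; exit }' \
        "$passwd_file" 2>/dev/null) || entry=""
    case $entry in
        "")  echo "no-such-user"; return 0 ;;
        F:x) ;;
        *)   echo "hash-in-passwd"; return 0 ;;
    esac

    # A non-root daemon normally fails here: shadow is not world-readable.
    if [ ! -r "$shadow_file" ]; then
        echo "shadow-unreadable"
        return 0
    fi

    if awk -F: -v u="$user" '$1 == u && $2 != "" { ok = 1 }
                             END { exit !ok }' "$shadow_file"; then
        echo "shadow-ok"
    else
        echo "shadow-no-entry"
    fi
}

# Constructed sample files (not real accounts) so the sketch runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' 'xhon:x:1000:1000::/home/xhon:/bin/sh' > "$demo_dir/passwd"
printf '%s\n' 'xhon:$1$constructed$hash:13153:0:99999:7:::' > "$demo_dir/shadow"
check_unix_auth_source xhon "$demo_dir/passwd" "$demo_dir/shadow"
check_unix_auth_source xhon "$demo_dir/passwd" "$demo_dir/no-shadow"
rm -rf "$demo_dir"
```

Run the function as the account radiusd runs under, with only a user name, to test the real /etc/passwd and /etc/shadow; a result of shadow-unreadable means the module has no hash to compare against.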