Pam radius authentication

danieldinu at rdslink.ro danieldinu at rdslink.ro
Mon Oct 16 13:41:37 CEST 2006


Anyone??? Pls!!! No suggestions at all? :(

On 12 Oct 2006, at 12:46, danieldinu at rdslink.ro wrote:

>
>Hello!
>
>I am trying to authenticate ssh user logins using pam_radius_auth.so.
>On my RedHat 9 I have the following setup:
>- freeradius server
>      - users file:
>        test    Auth-Type := Local, User-Password == "test"
>        
>     - clients.conf
>        client 127.0.0.1 {
>          secret          = secret
>           shortname       = localhost
>        }
>
>-pam radius module
>   - cat /etc/pam.d/sshd
>#%PAM-1.0
>auth       required     pam_securetty.so
>auth       sufficient   pam_radius_auth.so debug
>auth       required     /lib/security/pam_unix_auth.so
>account    required     pam_radius_auth.so debug
>password   required     pam_stack.so service=system-auth
>session    required     pam_stack.so service=system-auth
>session    required     pam_limits.so
>session    optional     pam_console.so
>    -cat /etc/raddb/server
>       127.0.0.1       secret             1
>
>
>- pam_radius_auth.so is copied in /lib/security
>- I created linux user test with home directory /home/test, without setting up a password
>- freeradius started with radiusd -X
>
>The problem is that, when I try to connect to this machine using ssh, the radius server receives the request, processes it, sends access-accept, but the ssh session is ended, without the user being really logged in!!! I don't know the reason why the user gets rejected...
>
>tail -f /var/log/secure
>Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1108551052.
>Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: Got RADIUS response code 2
>Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: authentication succeeded
>Oct 12 11:06:27 D-Server sshd[26585]: Accepted password for test from 10.243.30.42 port 2847 ssh2
>Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got user name test
>Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Sending RADIUS request code 1
>Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1108551052.
>Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got RADIUS response code 2
>Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: authentication succeeded
>Oct 12 11:28:30 D-Server sshd[26590]: Accepted password for test from 10.243.30.42 port 2881 ssh2
>
>from radiusd -X :
>rad_recv: Access-Request packet from host 127.0.0.1:27615, id=253, length=97
>        User-Name = "test"
>        User-Password = "test"
>        NAS-IP-Address = 127.0.0.1
>        NAS-Identifier = "sshd"
>        NAS-Port = 26590
>        NAS-Port-Type = Virtual
>        Service-Type = Authenticate-Only
>        Calling-Station-Id = "512wyse83.cosmote.rom"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
>  modcall[authorize]: module "preprocess" returns ok for request 0
>  modcall[authorize]: module "chap" returns noop for request 0
>  modcall[authorize]: module "mschap" returns noop for request 0
>    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 0
>  rlm_eap: No EAP-Message, not doing EAP
>  modcall[authorize]: module "eap" returns noop for request 0
>    users: Matched entry test at line 80
>  modcall[authorize]: module "files" returns ok for request 0
>modcall: leaving group authorize (returns ok) for request 0
>  rad_check_password:  Found Auth-Type Local
>auth: type Local
>auth: user supplied User-Password matches local User-Password
>Sending Access-Accept of id 253 to 127.0.0.1 port 27615
>Finished request 0
>
>thank you!
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
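
An added example, not part of the original post and not code from pam_radius_auth or FreeRADIUS: a simplified model of the Linux-PAM control flags (required, requisite, sufficient, optional) run over the /etc/pam.d/sshd quoted above. It shows that an Access-Accept settles only the auth phase, while the account and session stacks are evaluated separately. The function names and the per-module outcomes are assumptions, and pam_stack.so is treated as a single module.

```python
# Added example: simplified model of Linux-PAM control flags, applied to the
# /etc/pam.d/sshd quoted in the post. Module outcomes are hypothetical inputs.
SSHD_PAM = """\
#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_radius_auth.so debug
auth       required     /lib/security/pam_unix_auth.so
account    required     pam_radius_auth.so debug
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so
"""

def parse(text):
    """Return {phase: [(control, module_basename), ...]} in file order."""
    stacks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if line:
            phase, control, module = line.split()[:3]
            stacks.setdefault(phase, []).append((control, module.rsplit("/", 1)[-1]))
    return stacks

def evaluate(stack, outcome):
    """Run one phase; outcome maps module -> True/False. Returns (ok, modules_run)."""
    failed, any_ok, ran = False, False, []
    for control, module in stack:
        ok = outcome[module]
        ran.append(module)
        if ok:
            if control == "sufficient" and not failed:
                return True, ran          # success ends the phase immediately
            any_ok = True
        elif control == "requisite":
            return False, ran             # failure ends the phase immediately
        elif control == "required":
            failed = True                 # remembered, but later modules still run
        # failures of sufficient and optional modules are ignored
    return (any_ok and not failed), ran

def first_failing_phase(stacks, outcome):
    """Phases a login passes through, in order; None means all succeeded."""
    for phase in ("auth", "account", "session"):
        if not evaluate(stacks[phase], outcome)[0]:
            return phase
    return None
```

With pam_radius_auth.so succeeding, the auth phase returns before pam_unix_auth.so is consulted, so a failed login after "authentication succeeded" has to be looked for in the account or session modules.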




