pam_radius: mutiple bad logins hitting radius server
J S
js.tech.mailer at gmail.com
Wed Apr 25 09:06:09 CEST 2007
That's good to know. What seems odd, though, is that it resends the same
request in quick, sub-second succession (based on the RADIUS server logs).
This case has a single RADIUS server at a single IP and a single secret that
works when the correct password is sent (and only 1 log entry), but a wrong
entry is 3 failures.
On 4/24/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> J S wrote:
> >
> > I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend
> > that authenticates to an MS AD server.
> > I'm running into an issue where a user will fail a single login attempt
> > (one username/password challenge with a bad password) and the ACS will
> > record 3 attempts from the client (the Solaris 10 server). after a
> > single attempt (or a valid login with a local password) the 3 fails
> > bollixes up the AD login attempts and locks the user out. Am I missing a
> > compile option to only attempt a single RADIUS login per authentication
> > or do I possible have pam.conf misconfigured. I use sshd-kbdint and
> > sshd-password with the same results. Otherwise the system works well.
>
> The module will re-send the request if it doesn't get a response from
> the RADIUS server. Or, if the response is sent from the wrong IP (i.e.
> the RADIUS server has multiple IP's). Or, if the shared secret is
> incorrect.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070425/e7e4598d/attachment.html>
More information about the Freeradius-Users
mailing list