pam_mysql

Jon Westgate jon at fsck.tv
Sun May 6 22:19:02 CEST 2007


Hi,

I'm trying to get freeradius 1.1.6 (debian) to work with pam_mysql.

Why? you may ask, as freeradius already supports mysql.

Well, I have my reasons. The first being that I have already got an
authentication backend set up using mysql that I'm using for, among other
things, samba and email access; it uses mysql 5 crypted passwords, which
freeradius does not support.

The really odd thing is that freeradius just comes back with access
denied.  I have tried running as root, but it makes no difference. I
wondered if it was cheating and looking directly at the shadow file, but
the source code does not mention it.

Both exim and cyrus-saslauthd have no problems with authenticating users
using the exact same pam.d config files, yet freeradius just sits there
giving access denied messages.


Apex:/etc/pam.d# ps aux |grep radius
root      5849  0.1  0.1   3808  2484 pts/7    S+   20:12   0:00 freeradius -AXxx
root      5857  0.0  0.0   1736   544 pts/2    S+   20:13   0:00 grep radius
root     11478  0.0  0.0   3112   576 pts/8    S    16:11   0:00 /usr/sbin/radiusd -b -p 1645

Sun May  6 20:12:08 2007 : Debug: auth: type "PAM"
Sun May  6 20:12:08 2007 : Debug:   Processing the authenticate section of radiusd.conf
Sun May  6 20:12:08 2007 : Debug: modcall: entering group authenticate for request 0
Sun May  6 20:12:08 2007 : Debug:   modsingle[authenticate]: calling pam (rlm_pam) for request 0
Sun May  6 20:12:08 2007 : Debug: pam_pass: using pamauth string <radiusd> for pam.conf lookup
Sun May  6 20:12:08 2007 : Debug: pam_pass: function pam_authenticate FAILED for <oryn>. Reason: Permission denied
Sun May  6 20:12:08 2007 : Debug:   modsingle[authenticate]: returned from pam (rlm_pam) for request 0
Sun May  6 20:12:08 2007 : Debug:   modcall[authenticate]: module "pam" returns reject for request 0
Sun May  6 20:12:08 2007 : Debug: modcall: leaving group authenticate (returns reject) for request 0
Sun May  6 20:12:08 2007 : Debug: auth: Failed to validate the user.

Any ideas?


Regards
Jon Westgate
(Oryn)



