Question on pam_radius_auth module getting INCORRECT password
Stefan Paetow
Stefan.Paetow at ja.net
Tue Apr 15 11:29:41 CEST 2014
To check if SELINUX gets in the way, change the policy from enforcing to permissive:
Type "setenforcing 0" on the command-line, then try the auth again.
If that resolves the issue, SELINUX is interfering, and you will have to create a policy for it. There are several articles available (if you search Google) on how to generate SELINUX policies for software that is being blocked by it.
Stefan
-----Original Message-----
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] On Behalf Of Josip Almasi
Sent: 15 April 2014 09:57
To: freeradius-users at lists.freeradius.org
Subject: Re: Question on pam_radius_auth module getting INCORRECT password
Hi,
using selinux?
Maybe selinux won't allow radiusd to use pam.
I'm reasonably sure it will get in your way if set to enforcing (rhel default), just I don't know how.
Regards...
On 04/15/2014 01:50 AM, David Li wrote:
> Hi,
>
> I am new to this. Please let me know if there is a better list to post
> this question.
>
> My system is running RHEL and using a separate FreeRadius server to
> authenticate ssh user logins. All regular user credentials are stored
> on the radius server.
>
> I have been trying to track down a wired problem. When a user is
> logging via ssh, the pam_radius_auth module would try to retrieve the
> password and send it to the radius server. But the password returned
> by the
> rad_converse() function is INCORRECT.
>
> I have done some searching and found suggestions that there might be
> something wrong with "other" module that is doing the password checking.
>
> My real question is how I can find out which module is the culprit.
>
> David
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
More information about the Freeradius-Users
mailing list