How to do FreeRADIUS understand the ssh encrypted password that is passed?

Kalil de A. Carvalho kalilac at gmail.com
Thu Jul 27 21:27:46 CEST 2017


Hello Alan.

Thanks for your replay.

Here the parts of debug output that it is important, I think:


"My *guess* is that the SSH session is set up to use PAM.  And that PAM is
mangling to the password to "invalid" or some such string." <- you ware
right!

Received Access-Request Id 51 from IP_SOURCE:10722 to SERVER_RADIUS:1812
length 89
User-Name = 'bo01'
User-Password = '\010\n\r\177INCORRECT'
NAS-IP-Address = 127.0.1.1
NAS-Identifier = 'sshd'
NAS-Port = 9697
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = 'CLIENT_TEST'


Here is just show that the ldap search is working fine:

User found. Comparison between membership: name (resolved from DN), check:
name

Here is the resolt of password confrontation:

(2)  ERROR: ldap : Bind credentials incorrect: Invalid credentials
(2)  ERROR: ldap : Server said: 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1.

Best regards,

On Thu, Jul 27, 2017 at 2:55 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Jul 27, 2017, at 1:22 PM, Kalil de A. Carvalho <kalilac at gmail.com>
> wrote:
> > I have my enviroment working fine for telnet access, my FreeRADIUS server
> > is doing the user search on LDAP with no problem but, when I use any ssh
> > session is passed a encryped password that RADIUS
>
>   What does that mean?
>
>   It's almost always best to post the actual debug output.  That is much
> clearer than vague descriptions.
>
> > try to use with LDAP
> > database, found the user but the password is considered wrong and regect
> my
> > access.
>
>   My *guess* is that the SSH session is set up to use PAM.  And that PAM
> is mangling to the password to "invalid" or some such string.
>
>   Again, reading the debug output would show you this.
>
> > I searched for configuration and what I saw it is very similar whith I
> have
> > here. The unic diference is that I am using a EdgeRouter Lite but I am
> > folling the documentation and using the GUI tool.
> >
> > Can any one help me?
>
>   Post the debug output as suggested in the "man" page, FAQ, web pages,
> and daily on this list.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html




-- 
Atenciosamente,
Kalil de A. Carvalho


More information about the Freeradius-Users mailing list