EAP Submodule failed. PAM module issue.

Tue Sep 1 23:13:37 CEST 2020

>  That means you haven't made PAM aware of the "pam-imap-radius2"
configuration.
I'm currently trying to figure that out. I have checked the PAM folders.
The all the pam-imap related files including pam_imap.conf are all in the
/etc/security/pam.d file. I also tried configuring the common-account and
common-auth files. Unless I'm missing a particular PAM file where to state
to use pam-imap
>So.... how did you configure FreeRADIUS to look for the realm "ucn.cl",
and use the correct PAM-Auth?  It would help to describe that.
I am following an eduram based configuration which states that for each
realm there should be a pam-imap file, pam-imap-radius, and users file for
each. For example the file pam_imap.conf has this configuration:

PAM_PasswordString = Password:
# If you use a certificate that is not in the default certificate store,
# you should specify the path to it here.
# Note that this option should *NOT* have an equals sign
CertificateFile /etc/ssl/certs/ca-certificates.crt

PAM_Server0 = imaps:imap.gmail.com:993
PAM_Domain = ucn.cl
PAM_BlockList = root, admin, Administrator, apache
PAM_HashEnable = yes
# This file must be writable by whatever uses PAM
PAM_HashFile = /var/cache/pam_imap/pam_imap.gdbm
# Keep a hash of good passwords to prevent overloading the IMAP server
PAM_HashDelta = 600

While one of the users file is stated that it should look like this:

test Realm == "ucn.cl", Cleartext-Password := "123456"

DEFAULT Virtual-Server == inner-tunnel, Pam-Auth := "pam-imap-radius", Auth-
Type = PAM

>Which means that you can set PAM-Auth here, and set it to the correct
value.
Sorry, but can you please explain this more? should I just write
"Auth-type: PAM" right after first_files?

> (7) pam: Using pamauth string "pam-imap-radius2" for pam.conf lookup

  >Where does that come from?
I still don't know what is going with that. I'm still trying to check the
pam config files.

  By the way I checked the logs in var/logs and this message appeared
Sep  1 16:57:06 radius-wifi freeradius: PAM unable to dlopen(pam_imap.so):
/lib/security/pam_imap.so: undefined symbol: pam_get_item
Sep  1 16:57:06 radius-wifi freeradius: PAM adding faulty module:
pam_imap.so

Sorry for the trouble

El mar., 1 sept. 2020 a las 14:42, Alan DeKok (<aland at deployingradius.com>)
escribió:

> On Sep 1, 2020, at 12:02 PM, HORMAZABAL PI�ONES BARBARA FRANCISCA <
> bhp001 at alumnos.ucn.cl> wrote:
> >
> > Thank you for answering, Alan. I changed the settings in the eap file and
> > inner-tunnel. In the eap it's now eap_type = ttls. I'm still having
> > problems with the PAM-IMAP module though.
> >
> > Looking around the internet I found that there was a type in setting the
> > users with PAM. So I have them in my users file as
> > DEFAULT Virtual-Server == inner-tunnel, Pam-Auth = "pam-imap-radius",
> > Auth-Type = PAM
> >
> > Reading the output, these lines are causing the problem.
> >
> > (7) pam: Using pamauth string "pam-imap-radius2" for pam.conf lookup
> > (7) pam: ERROR: pam_authenticate failed: Module is unknown
>
>   That means you haven't made PAM aware of the "pam-imap-radius2"
> configuration.
>
> > For some reason it doesn't recognize that with the realm "ucn.cl"
> should be
> > using pam-imap-radius and not pam-imap-radius2.
>
>   So.... how did you configure FreeRADIUS to look for the realm "ucn.cl",
> and use the correct PAM-Auth?  It would help to describe that.
>
>   The debug log shows:
>
> > (7)       if (Realm == 'ucn.cl')  {
> >
> > (7) first_files: EXPAND %{Virtual-Server}
> >
> > (7) first_files:    --> inner-tunnel
> >
> > (7) first_files: users: Matched entry DEFAULT at line 93
> >
> > (7)         [first_files] = ok
>
>   Which means that you can set PAM-Auth here, and set it to the correct
> value.
> >
> > (7)     authenticate {
> >
> > (7) pam: Using pamauth string "pam-imap-radius2" for pam.conf lookup
>
>   Where does that come from?
>
>   Alan DeKok/
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html