trying to override the pam_auth attribute

Jonathan Davis jonathan at prioritycolo.com
Wed Aug 25 03:09:41 CEST 2021


On 2021-08-24 7:21 p.m., Alan DeKok wrote:
>    How?  What did you do?

Looking at mods-enabled/pam I added in following the same syntax: 
pam_auth = radiusd2

I also tried:

pam {

     pam_auth = radiusd2

}

But that gave me the error that  "pam" modules aren't allowed in 
'authorize' sections -- they have no such method.


>    So... what's on line 329 of the file /etc/freeradius/3.0/sites-enabled/default?

pam_auth = radiusd2

>    No.

Good to know

>    So.. what did you do?

If it's "no" to adding it to /mods-config/files/authorize no point 
wasting characters on adding my various attempts here.

>    How can we help you if you give us as little information as possible?
>
>    See "man unlang" and all of the virtual servers for how to add attributes.  You can't just invent stuff and drop it into the configuration files.  It looks like that's what you've done.
>
>    Instead, you have to read the documentation.  You have to use the documented syntax to do things.

When I look in man unlang I'm reading a lot on comparisons and logic 
statements, and don't fully understand the attributes assignment 
section, as in the example:

         Attribute-Reference = value

That is what I thought I was doing? In the authentication section, where 
I match the Auth-Type I want, I've tried the following with no luck:

update request {
     pam_auth = radiusd2
}

Error: Unknown attribute 'pam_auth'

update request {
     pam-auth = radiusd2
}

No error but I see it's using /etc/pam.d/radiusd instead of 
/etc/pam.d/radiusd2
"-> (0) pam: Using pamauth string "radiusd" for pam.conf lookup"

Which led me to trying to update the pamauth string (even if in 
pam.conf it's set with pam_auth)


update request {
     pamauth = radiusd2
}
Error: Unknown attribute 'pamauth'

Tried the above with just update { } to similar errors. Also tried:

pam {
     pam_auth = radiusd2
}

pam {
     pamauth = radiusd2
}

Error: Unknown action 'radiusd2' Failed to parse "pam" subsection.

I have read some documentation :) As this is the comment:

         #  Note that any Pam-Auth attribute set in the 'authorize'
         #  section will over-ride this one.

So I mean, full circle, what am I missing from trying to set a Pam-Auth 
attribute in authorize? I'm very willing to eat humble pie if I've 
missed how to do this in the docs (

Even throwing the update {} into authorize {} gives me the same Unknown 
attribute error for pam_auth and pamauth, and pam-auth is ignored. (0) 
pam: Using pamauth string "radiusd" for pam.conf lookup


>    And please, if you make changes to the config and it errors out, PLEASE tell us what changes you made.  That's the only way we can help you.
>
>    When you keep things secret, it makes it much more difficult for us to help you.
>
>    Alan DeKok.
>
>