<div> </div>
<div> That's good to know. What seems odd, though, is that it resends the same request in quick, sub-second succession (based on the RADIUS server logs). This case has a single RADIUS server at a single IP and a single secret that works when the correct password is sent (and only 1 log entry), but a wrong entry is 3 failures.
<br><br> </div>
<div><span class="gmail_quote">On 4/24/07, <b class="gmail_sendername">Alan DeKok</b> <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">J S wrote:<br>><br>> I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend<br>> that authenticates to an MS AD server.
<br>> I'm running into an issue where a user will fail a single login attempt<br>> (one username/password challenge with a bad password) and the ACS will<br>> record 3 attempts from the client (the Solaris 10 server). after a
<br>> single attempt (or a valid login with a local password) the 3 fails<br>> bollixes up the AD login attempts and locks the user out. Am I missing a<br>> compile option to only attempt a single RADIUS login per authentication
<br>> or do I possible have pam.conf misconfigured. I use sshd-kbdint and<br>> sshd-password with the same results. Otherwise the system works well.<br><br>The module will re-send the request if it doesn't get a response from
<br>the RADIUS server. Or, if the response is sent from the wrong IP (i.e.<br>the RADIUS server has multiple IP's). Or, if the shared secret is<br>incorrect.<br><br>Alan DeKok.<br>--<br><a href="http://deployingradius.com">
http://deployingradius.com</a> - The web site of the book<br><a href="http://deployingradius.com/blog/">http://deployingradius.com/blog/</a> - The blog<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a><br></blockquote></div><br>