Hi,<br><br>I'm trying to get the the pam radius module to work.<br>I've built a test radius server (FreeRADIUS Version 2.1.9) and I've setup a linux box with the pam radius module (1.3.17)<br><br><br>The server seems to be setup properly to authenticate users:<br>
<br># radtest testing password 127.0.0.1 0 testing123<br>Sending Access-Request of id 87 to 127.0.0.1 port 1812<br> User-Name = "testing"<br> User-Password = "password"<br> NAS-IP-Address = 127.0.1.1<br>
NAS-Port = 0<br>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=87, length=20<br><br><br>I have the following config on the server to correspond to my pam radius client:<br><br>clients.conf:<br>client testclient1 {<br>
ipaddr = CLIENTIP<br><br> secret = testing123<br><br> require_message_authenticator = no<br><br> shortname = testc1<br><br> nastype = other # localhost isn't usually a NAS...<br>
<br>}<br><br>And on the client (using pam_radius_auth) I have the following in /etc/raddb/server:<br><br># server[:port] shared_secret timeout (s)<br>SERVERIP testing123 4<br><br>Now, when I try to authenticate my pam radius client, I get this in the client logs:<br>
<br>Jul 22 10:22:45 (none) pamtest: pam_radius_auth: Got user name testing<br>Jul 22 10:22:54 (none) pamtest: pam_radius_auth: Sending RADIUS request code 1<br>Jul 22 10:22:54 (none) pamtest: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 267885588.<br>
Jul 22 10:22:55 (none) pamtest: pam_radius_auth: packet from RADIUS server SERVERIP fails verification: The shared secret is probably incorrect.<br>Jul 22 10:22:55 (none) pamtest: pam_radius_auth: All RADIUS servers failed to respond.<br>
Jul 22 10:22:55 (none) pamtest: pam_radius_auth: authentication failed<br><br><br>And I get this on the radius server (running in debug mode, i.e. radiusd -X)<br>rad_recv: Access-Request packet from host CLIENTIP port 18580, id=32, length=72<br>
User-Name = "testing"<br> User-Password = "\237TqI\3335Q\231\025O\020bw\021;\362"<br> NAS-Identifier = "other"<br> NAS-Port = 17555<br> NAS-Port-Type = Virtual<br> Service-Type = Authenticate-Only<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "testing", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>[eap] No EAP-Message, not doing EAP<br>++[eap] returns noop<br>++[unix] returns notfound<br>[files] users: Matched entry testing at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>
++[logintime] returns noop<br>++[pap] returns updated<br>Found Auth-Type = PAP<br>+- entering group PAP {...}<br>[pap] login attempt with password "?TqI�5Q??O?bw?;<br>[pap] Using clear text password "password"<br>
[pap] Passwords don't match<br>++[pap] returns reject<br>Failed to authenticate the user.<br> WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!<br>Using Post-Auth-Type Reject<br>
+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> testing<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 0 for 1 seconds<br>
Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 0<br>Sending Access-Reject of id 32 to CLIENTIP port 18580<br>Waking up in 4.9 seconds.<br>Cleaning up request 0 ID 32 with timestamp +24<br>
Ready to process requests.<br><br><br>Now obviously is says there's a problem with the secret, but I believe I've setup the secret correctly in the configs I've shown above.<br>Does anybody have any ideas what I'm doing wrong? <br>
<br>Thanks.<br> <br><br><br>