On Jun 25, 2018, at 3:14 AM, Hailun Tan <dearambermini@gmail.com> wrote:
I figured out why the server failed to respond..
I need to set "require-message-authenticator = no" for that particular client IP address in the client.conf under /etc/freeradius on the server side.
That's the default, because many RADIUS clients don't send Message-Authenticator. The comments in the configuration file make this clear.
However, there are still heaps of other issues after this one was shot down.
Now it seems the password for the user cannot be passed to the radius server correctly when ssh was executed.
Because *another* PAM module is checking for the user, and failing. When it fails, the PAM code sets the password to "...INCORRECT" There is *nothing* you can do to FreeRADIUS to fix this. You MUST fix the PAM configuration on your machine. Alan DeKok.