On Sep 4, 2016, at 3:42 PM, Janis Heller <janis.heller@outlook.de> wrote:
I would like to use FreeRADIUS to handle all SSH logins to my servers. Of course a „emergency“ login with a user registered on the server should be possible too (in case of RADIUS server is offline etc.).
...
Now when I try to login as for example user test, the following code is shown at RADIUS debug:
Ready to process requests (10) Received Access-Request Id 151 from XY to XY:1812 length 90 (10) User-Name = "test" (10) User-Password = "\010\n\r\177INCORRECT"
You will note that isn't your password.
It seems like there is some kind of PAM module running before the RADIUS pam module. Any idea how to get this fixed? Looking into my sshd file of RADIUS I can’t see a pam module running before.
The user isn't available on the local system. PAM does passwords. It doesn't do UID, GID, shell, etc. When it notices that someone without a UID is logging in, it butchers the password with a very helpful (i.e. stupid) message. You will need to configure a local user. Then, authenticate that user via RADIUS. Alan DeKok.