On Jul 27, 2017, at 3:27 PM, Kalil de A. Carvalho <kalilac@gmail.com> wrote:
Here the parts of debug output that it is important, I think:
Yes.
"My *guess* is that the SSH session is set up to use PAM. And that PAM is mangling to the password to "invalid" or some such string." <- you ware right!
Received Access-Request Id 51 from IP_SOURCE:10722 to SERVER_RADIUS:1812 length 89 User-Name = 'bo01' User-Password = '\010\n\r\177INCORRECT'
As I said. The problem is in PAM. No amount of poking FreeRADIUS will make it work. One of the other PAM modules is failing to find the user locally, and is mangling the password to "INCORRECT". PAM *requires* that users have local accounts. i.e. UID, GID, shell, etc. PAM *cannot* authenticate users who don't have local accounts. PAM is only for doing remote password checks. Not for remotely creating users. Alan DeKok.