Re: ssh cleartext-password "? INCORRECT" (Alan DeKok)
------------------------------
Message: 4 Date: Wed, 19 Nov 2008 10:49:06 -0600 From: Alan DeKok <aland@deployingradius.com> Subject: Re: ssh cleartext-password "? INCORRECT" To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <49244382.5090801@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1
David Ly wrote:
Here is the relavent part of the log from radiusd -X Using 'radtest steve testing localhost 10 testing123'
You've done some *very* weird editing or reformatting of the log. That makes it more difficult to understand.
Using 'ssh steve@localhost' password: testing
rad_recv: Access-Request packet from host 127.0.0.1 port 26561, id=106, length=83 User-Name = "steve" User-Password = "\010\n\r\177INCORRECT" ****
Ah, yes. That's a PAM feature, I think. Or maybe SSH. It replaces the password the user entered with that string. Why? Damned if I know.
I'd suggest asking the PAM people how to configure the system so that it doesn't mangle the password.
In any case, this is what the RADIUS server receives, so there is *nothing* you can do to the RADIUS server to solve the problem.
And the PAM RADIUS module doesn't do this stupid rewriting. So there's nothing you can do to that module, either.
Alan DeKok.
I manged to find the problem, as you said, it WASNT the server but rather the PAM module that was causing this. It required a local user account (set with a blank password). As to why it needs that, I have no idea, but thats that. Thanks for the help, and I hope that others who come across this can avoid the grueling two days of troubleshooting and tinkering. Once agian thanks to all. Cheers David Ly
participants (1)
-
David Ly