help w/ pam_radius_auth
Hello, I am new to the list and a newbie on RADIUS. My problem is not directly related to using freeradius, but rather accessing a RADIUS server via the pam_radius_auth module. Since this module seems to be supported/maintained under freeradius, I hope to get some help from the list members. I have a (cistron-based, running on an Ubuntu box) RADIUS server configured w/ IP address 192.168.200.1. Under "users" file, there is a default entry to authenticate users against the system /etc/passwd file. Under "clients" file, there is an entry for IP address 192.168.200.10 w/ a shared secret "somesecret". There is a user "gakkor" w/ password "dummy" in the /etc/passwd file in the box that the server resides. I am running the server in debug mode "/usr/sbin/radiusd -sfxxyz -l stdout" I have a client machine, running a Linux based system. If I use the test client "radtest" w/ #> radtest gakkor dummy 192.168.200.1 101 somesecret everything works fine. I get the following debug output from the server: radrecv: Packet from host 192.168.200.10 code=1, id=219, length=58 User-Name = "gakkor" User-Password = "\326)\312g\tEL\351\033\031\271\234vmE\206" NAS-IP-Address = 192.168.200.10 NAS-Port = 101 users: Matched DEFAULT at line 136 auth: System Sending Ack of id 219 to 192.168.200.10 Login OK: [gakkor/dummy] (from nas nas1/S101) Now, instead of the radtest, I want to use an application called "authmanager" which makes a call to the pam_sm_authenticate method of the pam_radius_auth module, with the same username/password. The "server" file under /etc/raddb (on client side) has an entry "192.168.200.1 somesecret". So, the shared secrest are the same both for the client and server. The /etc/pam.conf file has an entry authmanager auth required /usr/lib/pam_radius_auth.so skip_passwd However, I see that the password sent to the server becomes garbled and authentication fails. Here is the output from the server in this scenario.... radrecv: Packet from host 192.168.200.10 code=1, id=94, length=79 User-Name = "gakkor" User-Password = "b\364f\330\214\250\271\274\"G\2258\371\217\\\330" NAS-IP-Address = 192.168.200.10 NAS-Identifier = "authmanager" NAS-Port = 229 NAS-Port-Type = Virtual Service-Type = Authenticate-Only users: Matched DEFAULT at line 136 auth: System Sending Reject of id 94 to 192.168.200.10 Login incorrect: [gakkor/];:/A@] (from nas nas1/S229) Notice, that the debug output has unprintable characters for password... The syslog message on the client side says: pam_radius_auth: packet from RADIUS server 192.168.200.1 fails verification: The shared secret is probably incorrect. This seems like a problem with the MD5 hashing or byte-order. The client and server both are little-endian. And as far as I can tell from the PAM module code that the default case id also litle-endian as far as the byte-order is concerned. Any suggestions as to where I might be going wrong? Thanks in advance, Gun Akkor Staff Scientist, Patton Electronics, Co. Gaithersburg, MD gakkor AT patton DOT com
participants (1)
-
Gun Akkor