All, I got this working at the end of last year, but now I've having trouble. I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system. Im using the latest version of libpam-radius-auth (1.3.17-0ubuntu4) and have followed the readme along with many other explanations and can not get it working. I'm getting the same error even when I try on different VM's running different versions of Ubuntu. The error "PAM (sshd) illegal module type: auth" makes it sound like it does not support the auth method. Anyone else run into this? #cat pam_radius_auth.conf 10.1.1.1 sharedsec 3 #cat /etc/pam.d/sshd # PAM configuration for the Secure Shell service # Read environment variables from /etc/environment and # /etc/security/pam_env.conf. auth required pam_env.so # [1] # In Debian 4.0 (etch), locale-related environment variables were moved to # /etc/default/locale, so read that as well. auth required pam_env.so envfile=/etc/default/locale auth required /lib/security/pam_radius_auth.so debug # Standard Un*x authentication. #@include common-auth /var/log/auth.log Feb 12 13:28:48 T3500 sshd[13374]: PAM (sshd) illegal module type: auth Feb 12 13:28:48 T3500 sshd[13374]: PAM pam_parse: expecting return value; [...required ] Feb 12 13:28:50 T3500 sshd[13374]: Failed password for bob from 1.1.1.1 port 47653 ssh2 Feb 12 13:28:51 T3500 sshd[13374]: Connection closed by 1.1.1.1 [preauth]
On Tue, Feb 12, 2013 at 3:50 PM, T W <gqman10@yahoo.com> wrote:
All,
I got this working at the end of last year, but now I've having trouble. I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system. Im using the latest version of libpam-radius-auth (1.3.17-0ubuntu4) and have followed the readme along with many other explanations and can not get it working. I'm getting the same error even when I try on different VM's running different versions of Ubuntu. The error "PAM (sshd) illegal module type: auth" makes it sound like it does not support the auth method. Anyone else run into this?
Haven't run into what you've described, but we do use the RADIUS client PAM module as you've noted. Our /etc/pam.d/sshd looks like: # PAM configuration for the Secure Shell service # Read environment variables from /etc/environment and # /etc/security/pam_env.conf. auth required pam_env.so # [1] # In Debian 4.0 (etch), locale-related environment variables were moved to # /etc/default/locale, so read that as well. auth required pam_env.so envfile=/etc/default/locale auth sufficient pam_radius_auth.so # Standard Un*x authentication. #@include common-auth # Disallow non-root logins when /etc/nologin exists. account required pam_nologin.so # Uncomment and edit /etc/security/access.conf if you need to set complex # access limits that are hard to express in sshd_config. # account required pam_access.so # Standard Un*x authorization. @include common-account # Standard Un*x session setup and teardown. @include common-session # Print the message of the day upon successful login. # This includes a dynamically generated part from /run/motd.dynamic # and a static (admin-editable) part from /etc/motd. session optional pam_motd.so motd=/run/motd.dynamic noupdate session optional pam_motd.so # [1] # Print the status of the user's mailbox upon successful login. session optional pam_mail.so standard noenv # [1] # Set up user limits from /etc/security/limits.conf. session required pam_limits.so # Set up SELinux capabilities (need modified pam) # session required pam_selinux.so multiple # Standard Un*x password updating. @include common-password Hope that helps. -mz
T W wrote:
I got this working at the end of last year, but now I've having trouble. I'm setting up SSH access using RADIUS auth on a Ubuntu 12.10 system. Im using the latest version of libpam-radius-auth (1.3.17-0ubuntu4) and have followed the readme along with many other explanations and can not get it working. I'm getting the same error even when I try on different VM's running different versions of Ubuntu. The error "PAM (sshd) illegal module type: auth" makes it sound like it does not support the auth method. Anyone else run into this?
No idea. I'd suggest asking the PAM people. Alan DeKok.
participants (3)
-
Alan DeKok -
Matt Zagrabelny -
T W