Hi, I can authenticate using Kerberos, by running radius in debugging mode. I can see that I get Access-Accept packet but SSH doesn't gets logged in. I get following in /var/log/messages pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -562132672. pam_radius_auth: RADIUS server 127.0.0.1 failled to respond pam_radius_auth: All RADIUS servers failed to respond. The file /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth sufficient pam_radius_auth.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session optional pam_keyinit.so force revoke session include password-auth It seems to work fine but every now and then it just breaks. Regards, Ahmed. -- Scanned by iCritical.
Hi,
pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -562132672. pam_radius_auth: RADIUS server 127.0.0.1 failled to respond pam_radius_auth: All RADIUS servers failed to respond.
is the RADIUS server actually running when you are trying this? what does /etc/pam_radius_auth.conf (or wherever the config lives) look like? alan
Do you mean the server file? Its /etc/raddb/server 127.0.0.1 testing123 3 I run the server in debugging mode using -X. Regards, Ahmed. -----Original Message----- From: freeradius-users-bounces+ahmed.sajid=stfc.ac.uk@lists.freeradius.org [mailto:freeradius-users-bounces+ahmed.sajid=stfc.ac.uk@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk Sent: 20 February 2013 12:01 To: FreeRadius users mailing list Subject: Re: Radius server failed to respond Hi,
pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -562132672. pam_radius_auth: RADIUS server 127.0.0.1 failled to respond pam_radius_auth: All RADIUS servers failed to respond.
is the RADIUS server actually running when you are trying this? what does /etc/pam_radius_auth.conf (or wherever the config lives) look like? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Scanned by iCritical.
On 20/02/13 11:53, ahmed.sajid@stfc.ac.uk wrote:
Hi,
I can authenticate using Kerberos, by running radius in debugging mode. I can see that I get Access-Accept packet but SSH doesn’t gets logged in.
I get following in /var/log/messages
pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -562132672.
You have underlying problems with NSS, which means get*() libc calls are sporadically failing. This is not a RADIUS problem; ensure your system can reliably make name/service resolution calls. If you are using nss_ldap, perhaps ensure it's not enabled for "services"; there's no value in doing these over the network.
Hi Phil, That could be the problem. I am using LDAP to get user information. getent passwd works okay everytime.... I have system to use LDAP for accounting. Do I have to set it up in FreeRadius as well? Or shall I do either or? Regards, Ahmed. -- Scanned by iCritical.
On 20/02/13 13:08, ahmed.sajid@stfc.ac.uk wrote:
Hi Phil,
That could be the problem.
I am using LDAP to get user information. getent passwd works okay everytime.... I have system to use LDAP for accounting. Do I have to set it up in FreeRadius as well? Or shall I do either or?
I don't understand any of that, I'm afraid. The log you posted shows pam_radius failing because getservbyname() failed. getservbyname() uses NSS. Fix NSS to be reliable and this error will go away. This is not a RADIUS problem. You should just remove "ldap" from "services" in /etc/nsswitch.conf - it's pointless and unhelpful. But it's not a RADIUS problem, and thus OT for this list.
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
ahmed.sajid@stfc.ac.uk -
Phil Mayers