PAM_RADIUS_AUTH.so refuses to work on some machines

Christiaan Ehlers Christiaan.Ehlers at inclarity.co.uk
Mon Jun 20 18:51:46 CEST 2005


Hi
 
I have installed pam_radius_auth to work on Redhat 7.3 and it seems to work
fine.  I then installed (compiled) it on a Redhat 9 box and it seems to be
behaving quite strangely.
 
My pam.d/sshd file looks like this
 
#%PAM-1.0
auth      sufficient   pam_radius_auth.so debug
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    sufficient   pam_radius_auth.so debug
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so
 
The session (accounting) part of pam_radius_auth seems to work fine.  I can
see packets going to the radius server when I do a tcpdump on the client
machine.   This only works when I hash out the first line "auth
sufficient   pam_radius_auth.so debug".
 
 
When the first line is not hashed the authentication kicks in and nothing
happens when I enter a username and password.  I set tcpdump to sniff for
all packets going to the radius server but there is nothing.
 
My logs look like this.
Jun 20 17:12:01 finpapp01 sshd[6881]: pam_radius_auth: Got user name root
Jun 20 17:12:23 finpapp01 sshd[6887]: pam_radius_auth: Got user name test
Jun 20 17:14:00 finpapp01 sshd[7161]: pam_radius_auth: Got user name test
Jun 20 17:18:14 finpapp01 sshd[7673]: Failed password for test from
172.31.1.101 port 2276
Jun 20 17:18:45 finpapp01 sshd[7780]: Accepted password for root from
172.31.1.101 port 2277
Jun 20 17:18:45 finpapp01 sshd[7780]: pam_radius_auth: DEBUG:
getservbyname(radacct, udp) returned 1108551052. 
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: RADIUS server
172.31.10.1 failed to respond
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: All RADIUS servers
failed to respond.
Jun 20 17:22:26 finpapp01 sshd[8216]: pam_radius_auth: Got user name test
Jun 20 17:24:50 finpapp01 sshd[8541]: pam_radius_auth: Got user name root
Jun 20 17:28:40 finpapp01 sshd[8978]: Accepted password for root from
172.31.1.120 port 1916 ssh2
 
When I try and log into the box, the only info that pam_radius_auth gives to
the log is the "Got user name xxxx" message.
 
What would the right syntax be for a strace command to trace this?
 
So far I have recompiled and copied bin from other machines, but nothing seems
to work.
 
Kind Regards
Christiaan Ehlers
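
Added example, not part of the original message and not pam_radius_auth code: a small triage script that rejoins the mail-wrapped syslog lines quoted above, groups the pam_radius_auth debug output by sshd PID, and separates logins where the module logged only the user name from those where it reported a RADIUS timeout. The state labels and function names are made up for this illustration; the sample lines are copied from the log in the message.

```python
import re
from collections import defaultdict

# Syslog prefix as it appears in the message: "Jun 20 17:12:01 host sshd[pid]: msg"
LINE = re.compile(r"^([A-Z][a-z]{2} +\d+ [\d:]{8}) (\S+) sshd\[(\d+)\]: (.*)$")

# Lines copied from the log in the message, including the mail client's wrapping.
SAMPLE = """\
Jun 20 17:14:00 finpapp01 sshd[7161]: pam_radius_auth: Got user name test
Jun 20 17:18:14 finpapp01 sshd[7673]: Failed password for test from
172.31.1.101 port 2276
Jun 20 17:18:45 finpapp01 sshd[7780]: Accepted password for root from
172.31.1.101 port 2277
Jun 20 17:18:45 finpapp01 sshd[7780]: pam_radius_auth: DEBUG:
getservbyname(radacct, udp) returned 1108551052.
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: RADIUS server
172.31.10.1 failed to respond
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: All RADIUS servers
failed to respond.
Jun 20 17:22:26 finpapp01 sshd[8216]: pam_radius_auth: Got user name test
"""

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog prefix continues the previous one."""
    records = []
    for raw in text.splitlines():
        if LINE.match(raw) or not records:
            records.append(raw.strip())
        else:
            records[-1] += " " + raw.strip()
    return records

def triage(text):
    """Label each sshd PID by what pam_radius_auth logged for it (hypothetical labels)."""
    by_pid = defaultdict(list)
    for rec in unwrap(text):
        m = LINE.match(rec)
        if m and "pam_radius_auth:" in m.group(4):
            by_pid[m.group(3)].append(m.group(4).split("pam_radius_auth:", 1)[1].strip())
    result = {}
    for pid, msgs in by_pid.items():
        if any("failed to respond" in s for s in msgs):
            result[pid] = "server-timeout"          # module reported a RADIUS timeout
        elif all(s.startswith("Got user name") for s in msgs):
            result[pid] = "stalled-after-username"  # only the user name line was logged
        else:
            result[pid] = "other"
    return result

if __name__ == "__main__":
    for pid, state in sorted(triage(SAMPLE).items()):
        print(pid, state)
```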