FreeRadius, Pam authentication issue ...
Le Gal Philippe
Philippe.LeGal at emea.eu.int
Mon Jan 16 19:39:46 CET 2006
Hi !
I was asked to create a network-based authentication system for the Linux servers of my company.
I have chosen RADIUS and the FreeRadius server to authenticate Admins/DBAs/Developers on the servers.
I'm using the FreeRadius server and pam_radius authentication on the servers I want to authenticate the users on.
I have created a default account:
login : test
passwd : test
on the radius server.
As advised, I ran the FreeRadius server in debug mode. The following shows the last lines once I have started the server:
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
I have configured the PAM module for sshd in /etc/pam.d/ssh as follows (on the machines I want to authenticate on):
#%PAM-1.0
auth sufficient /lib/security/pam_radius_auth.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
I try to ssh to the box I want to be authenticated on:
ssh test@machine_of_the_test
The login name I used is : test
passwd : test
But when I look at the incoming request, I don't see the login name "test"; instead it is: User-Name = "NOUSER"
What's wrong ?
Thank you for your help
Phil
rad_recv: Access-Request packet from host 172.16.51.67:18299, id=22, length=91
User-Name = "NOUSER"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "sshd"
NAS-Port = 17274
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "192.168.60.76"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "NOUSER", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 156
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns notfound for request 0
modcall: group authenticate returns notfound for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 22 to 172.16.51.67:18299
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 22 with timestamp 43cbe46d
Nothing to do. Sleeping until we see a request.
Philippe LE GAL
Email: Philippe.LeGal at emea.eu.int
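
A triage helper for the debug-mode trace in the message above, added here as an example; it is not part of the original post and not FreeRADIUS code. The function names `parse_trace` and `triage` are hypothetical, and the embedded trace is a constructed, shortened copy of the log format shown in the post.

```python
import re

# Constructed sample: a shortened trace in the same format as the post's debug output.
SAMPLE_TRACE = '''\
rad_recv: Access-Request packet from host 172.16.51.67:18299, id=22, length=91
User-Name = "NOUSER"
User-Password = "test"
modcall[authorize]: module "files" returns ok for request 0
rad_check_password: Found Auth-Type System
modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Sending Access-Reject of id 22 to 172.16.51.67:18299
'''

ATTR = re.compile(r'^\s*([A-Za-z][\w-]*) = "?([^"]*)"?\s*$')
MODULE = re.compile(r'^\s*modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
REPLY = re.compile(r'^\s*Sending (Access-\w+) of id (\d+)')

def parse_trace(text):
    """Collect request attributes, per-module results, Auth-Type and the reply."""
    trace = {"attrs": {}, "modules": [], "auth_type": None, "reply": None}
    for line in text.splitlines():
        if m := MODULE.match(line):
            trace["modules"].append(m.groups())   # (section, module, result)
        elif m := REPLY.match(line):
            trace["reply"] = m.group(1)
        elif m := AUTH_TYPE.search(line):
            trace["auth_type"] = m.group(1)
        elif m := ATTR.match(line):
            trace["attrs"][m.group(1)] = m.group(2)
    return trace

def triage(trace, expected_user):
    """Return findings for one request, given the login the client typed."""
    findings = []
    seen = trace["attrs"].get("User-Name")
    if seen != expected_user:
        findings.append(f"User-Name on the wire is {seen!r}, expected {expected_user!r}")
    for section, module, result in trace["modules"]:
        if section == "authenticate" and result in ("notfound", "reject", "fail"):
            findings.append(f"Auth-Type {trace['auth_type']}: module {module!r} returned {result}")
    if trace["reply"] == "Access-Reject":
        findings.append("server answered Access-Reject")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_trace(SAMPLE_TRACE), expected_user="test"):
        print(finding)
```

Run against a full trace, the first finding separates a client-side problem (the wrong User-Name reaches the server) from a server-side one (the right name arrives but the authenticate module rejects it).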