FreeRadius, PAM authentication issue ...

Le Gal Philippe Philippe.LeGal at emea.eu.int
Mon Jan 16 19:39:46 CET 2006


Hi !
 
I was asked to create a network-based authentication system for the Linux servers of my company.
I have chosen RADIUS and the FreeRadius server to authenticate Admins/DBAs/Developers on the servers.
 
I'm using FreeRadius server and pam_radius authentication on the servers I want to authenticate the users on.
 
I have created a default account :
 
login : test
passwd : test
 
on the radius server
 
As advised, I ran the FreeRadius server in debug mode. The following shows the last lines once I have started the server :
 
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
 
I have configured my PAM module sshd in /etc/pam.d/ssh to be (on the machines I want to be authenticated on):
 
#%PAM-1.0
auth       sufficient    /lib/security/pam_radius_auth.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

I try to ssh to the box I want to be authenticated on :
 
ssh test@machine_of_the_test
 
The login name I used is : test
passwd : test
 
But when I look at the incoming request, the login name is not "test" but : User-Name = "NOUSER"

What's wrong ?
 
Thank you for your help
 
Phil
 
 

rad_recv: Access-Request packet from host 172.16.51.67:18299, id=22, length=91
        User-Name = "NOUSER"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Identifier = "sshd"
        NAS-Port = 17274
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        Calling-Station-Id = "192.168.60.76"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "NOUSER", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: group authenticate returns notfound for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 22 to 172.16.51.67:18299
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 22 with timestamp 43cbe46d
Nothing to do.  Sleeping until we see a request.
 
 

Philippe LE GAL 

Email: Philippe.LeGal at emea.eu.int
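
Added example, not part of the original post: a small Python triage helper for radiusd debug output like the log above. It pulls out the Access-Request attributes, the Auth-Type and the module results, reports where the request diverges from what was typed at the ssh prompt, and masks User-Password, which debug mode prints in clear, before the log is shared. The names `triage` and `redact` are hypothetical, and `SAMPLE` is an excerpt of the log quoted in the post.

```python
import re

# Excerpt of the radiusd debug output quoted in the post above.
SAMPLE = '''rad_recv: Access-Request packet from host 172.16.51.67:18299, id=22, length=91
        User-Name = "NOUSER"
        User-Password = "test"
  modcall[authorize]: module "files" returns ok for request 0
  rad_check_password:  Found Auth-Type System
  modcall[authenticate]: module "unix" returns notfound for request 0
auth: Failed to validate the user.
Sending Access-Reject of id 22 to 172.16.51.67:18299
'''

ATTR = re.compile(r'^\s+([A-Za-z][\w-]*) = "?([^"\n]*)"?\s*$')
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
AUTH_TYPE = re.compile(r'Found Auth-Type (\S+)')
REPLY = re.compile(r'Sending (Access-\w+) of id (\d+)')


def triage(log_text, expected_user):
    """Summarise one request from radiusd debug output (hypothetical helper)."""
    attrs, modules, auth_type, reply = {}, [], None, None
    for line in log_text.splitlines():
        if m := ATTR.match(line):            # indented 'Name = value' attribute lines
            attrs[m.group(1)] = m.group(2)
        elif m := MODCALL.search(line):      # per-module return codes
            modules.append((m.group(1), m.group(2), m.group(3)))
        elif m := AUTH_TYPE.search(line):
            auth_type = m.group(1)
        elif m := REPLY.search(line):
            reply = m.group(1)
    findings = []
    if attrs.get("User-Name") != expected_user:
        findings.append(f'User-Name is {attrs.get("User-Name")!r}, expected {expected_user!r}')
    for section, module, result in modules:
        if section == "authenticate" and result in ("notfound", "reject", "fail"):
            findings.append(f'Auth-Type {auth_type}: module "{module}" returned {result}')
    return {"attrs": attrs, "auth_type": auth_type, "reply": reply, "findings": findings}


def redact(log_text):
    """Mask User-Password values before the log is posted anywhere."""
    return re.sub(r'(User-Password = )"[^"]*"', r'\1"<redacted>"', log_text)


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, "test")["findings"]))
    print(redact(SAMPLE))
```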

