pam_radius: mutiple bad logins hitting radius server
aland at deployingradius.com
Wed Apr 25 08:47:31 CEST 2007
J S wrote:
> I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend
> that authenticates to an MS AD server.
> I'm running into an issue where a user will fail a single login attempt
> (one username/password challenge with a bad password) and the ACS will
> record 3 attempts from the client (the Solaris 10 server). after a
> single attempt (or a valid login with a local password) the 3 fails
> bollixes up the AD login attempts and locks the user out. Am I missing a
> compile option to only attempt a single RADIUS login per authentication
> or do I possible have pam.conf misconfigured. I use sshd-kbdint and
> sshd-password with the same results. Otherwise the system works well.
The module will re-send the request if it doesn't get a response from
the RADIUS server. Or, if the response is sent from the wrong IP (i.e.
the RADIUS server has multiple IP's). Or, if the shared secret is
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users