pam_radius: mutiple bad logins hitting radius server
Alan DeKok
aland at deployingradius.com
Wed Apr 25 08:47:31 CEST 2007
J S wrote:
>
> I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend
> that authenticates to an MS AD server.
> I'm running into an issue where a user will fail a single login attempt
> (one username/password challenge with a bad password) and the ACS will
> record 3 attempts from the client (the Solaris 10 server). after a
> single attempt (or a valid login with a local password) the 3 fails
> bollixes up the AD login attempts and locks the user out. Am I missing a
> compile option to only attempt a single RADIUS login per authentication
> or do I possible have pam.conf misconfigured. I use sshd-kbdint and
> sshd-password with the same results. Otherwise the system works well.
The module will re-send the request if it doesn't get a response from
the RADIUS server. Or, if the response is sent from the wrong IP (i.e.
the RADIUS server has multiple IP's). Or, if the shared secret is
incorrect.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list