Help w/ pam radius

Jeff Fishbaugh email.fish at gmail.com
Wed Dec 19 01:49:32 CET 2007


Seems like I am getting closer possibly, but I see an error in radius.log -- could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow.

Basically, I go to login to my pam_radius host, user exists in local password file with no pass, user/pass in RADIUS/LDAP, and when I login the SSH session immediately exits and I see the below in radius.log. If I use a login not in the local password file, but it is in RADIUS/LDAP then I get an access denied and no mention of the below error. 

I am not even starting TLS so why is it even complaining about it???  I am also curious what this means -- rlm_exec: Wait=yes but no output defined. Did you mean output=none?

Appreciate any help. Thanks!

Tue Dec 18 19:32:48 2007 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Tue Dec 18 19:32:48 2007 : Info: Ready to process requests.
Tue Dec 18 19:33:06 2007 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
Tue Dec 18 19:33:06 2007 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
Tue Dec 18 19:35:55 2007 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
Tue Dec 18 19:36:03 2007 : Error: rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow


  ----- Original Message ----- 
  From: Jeff Fishbaugh 
  To: freeradius-users at lists.freeradius.org 
  Sent: Tuesday, December 18, 2007 2:13 PM
  Subject: Help w/ pam radius


  Hello:

  I am having trouble getting pam_radius working and was wondering if someone might be of help since I followed the INSTALL instructions as well as a howto (as provided by the Wikid folks)  and I am still coming up short getting it working.

  Here are some of my details

  - My PAM is such it is by service (Fedora 7 -- 0.99.7.1-5.1)....sshd being what I am most interested in, the default config for it looks like the below on a host I want talking to radius. What does this need to look like in terms of the pam_radius_auth.so related stanzas to get it working? Neither the INSTALL instructions or a howto I found would work.

  /etc/pam.d/sshd (default below)

  #%PAM-1.0
  auth       include      system-auth
  account    required     pam_nologin.so
  account    include      system-auth
  password   include      system-auth
  session    optional     pam_keyinit.so force revoke
  session    include      system-auth
  session    required     pam_loginuid.so

  - My Radius box runs freeradius (freeradius-1.1.7-3.1) with LDAP (fedora-ds) backending it with the user/pass info, got it working for Cisco's but have yet to get PAM working.  I just get 'Access denied' -- tried the later with a user defined on the host with no password or with a password and won't work.

  Pretty simple, no huntgroups or anythig like that just plain and simple binding against LDAP.

  I think what I am looking for are...

  1- Pam configuration on the host (ie- /etc/pam.d/sshd)
  2- Pam configuration requirements as far as the radius server is concerned. Be helpful to see what all I might need that I am possibly missing in conf files.

  Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071218/168e9ff6/attachment.html>


More information about the Freeradius-Users mailing list