ssh, pam, radius not playing nicely
Miles O'Neal
meo at intrinsity.com
Wed Oct 17 23:31:09 CEST 2007
We are trying to set up and ssh server and a VPN server to
both use the same radius server. We are currently using
freeradius-1.0.1-3 with EL4.4 . It works fine with our
Cisco 3015 VOPN concentrator. It's not working so well
with our EL4.4-based ssh server.
I doanloaded the pam_radius_auth source and built and
installed per http://www.hoei.com/2007/09/linux-sshd-authentication-to-external-radius/
and the INSTALL file that came with the software. I
can get radtest to work just fine from the ssh system,
but when I try to authenticate via ssh onto that system,
it fails.
Running debug on the server, I was seeing this:
User-Password = "\010\n\rINCORRECT"
I found something on the list saying this could happen
if the user wasn't in the passwd file on the ssh box.
I added the user there:
meo:x:9999:100::/home/meo:/bin/tcsh
and now the radius server is happy. It claims to be
authenticating OK (we use shadow passwd on the radius
server, but I did not make shadow entries on the ssh
box), but the ssh login fails.
Any ideas?
Thanks,
Miles
More information about the Freeradius-Users
mailing list