pam_auth_radius
Marc Phillips
rmarc at copacetic.net
Fri Feb 18 02:51:56 CET 2011
Made a lot of progress on this today. I decided to use pam_sessionrun
for a POC rather than worry 'bout writing c code for user add/deletes.
It's working somewhat. pam_auth_radius (and perhaps pam in general, not
sure yet) seems to want the user to exist or it sends crap for the passwd
to radius.
Specifically:
Feb 17 19:21:22 mypocbox sshd[13804]: pam_radius_auth: Sending RADIUS request password ^M^?INCORRECT
So what happens is I created a prelogin event to run a useradd script before
it goes to the radius plugin. This works fine, but then sends crap to radius for the passwd.
If I kill that ssh session and try again, works fine since the user has been added by the previous session.
Hopefully tomorrow I'll solve that mystery, but if somebody has a clue as to why
pam_radius_auth sends crap to radius if the user doesn't exist on the machine that
would be useful information to have for my work tomorrow.
R. Marc
`
More information about the Freeradius-Users
mailing list