pam_auth_radius

Marc Phillips rmarc at copacetic.net
Fri Feb 18 02:51:56 CET 2011


Made a lot of progress on this today.  I decided to use pam_sessionrun
for a POC rather than worry 'bout writing c code for user add/deletes.

It's working somewhat.  pam_auth_radius (and perhaps pam in general, not
sure yet) seems to want the user to exist or it sends crap for the passwd
to radius.

Specifically:

Feb 17 19:21:22 mypocbox sshd[13804]: pam_radius_auth: Sending RADIUS request password ^M^?INCORRECT

So what happens is I created a prelogin event to run a useradd script before
it goes to the radius plugin.  This works fine, but then sends crap to radius for the passwd.

If I kill that ssh session and try again, works fine since the user has been added by the previous session.

Hopefully tomorrow I'll solve that mystery, but if somebody has a clue as to why
pam_radius_auth sends crap to radius if the user doesn't exist on the machine that
would be useful information to have for my work tomorrow.

R. Marc

`



More information about the Freeradius-Users mailing list