Questions pam_radius and accounting logs
Alan DeKok
aland at deployingradius.com
Mon Jul 24 18:15:44 CEST 2017
On Jul 24, 2017, at 11:34 AM, Junk XL via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> I am trying to utilize the pam_radius client (1.4.0) on several RHEL 6 servers for authentication and accounting with ssh and sudo, against a Cisco ACS (ver 5.5)
That should work. It's just RADIUS.
>
> The authentication works as expected for both, however I am not seeing what I would expect in the accounting.
>
> My first question is, is there a setting that I am missing that enables pam_radius to send the full accounting back to the ACS?
No.
> I do see the start/stop packets, however I only ever see the "sudo" issued as a NAS identifier, and never anything else.
Because PAM doesn't do that. PAM just does login, logout, and session times. PAM doesn't get called every time the user runs a command.
> Am I just incorrect in my assumptions on what I think I should be seeing with the accounting?
I don't know what you think you should be seeing. You haven't said what you expect to see.
> I know with other devices, I can see the full accounting commands issued, but I do not know if that is a limitation with Linux and pam_radius, or if I have something set incorrectly.
What are "full accounting commands"?
If you expect to see every command run by the user, it won't work. PAM doesn't do that. No amount of poking pam_radius will make it work.
Alan DeKok.