Linux PAM Authentication failed: Non-Local users
Alan DeKok
aland at deployingradius.com
Thu Jun 29 16:27:12 CEST 2017
On Jun 29, 2017, at 9:48 AM, Anand Neeli <anand.neeli at gmail.com> wrote:
>
> Hello
> But couldnt search the mailing list. Can anyone please show pointers
> or answer this?
> I'm trying to perform Radius based authentication of any guest user
> using Linux PAM module 1.0
The one thing you need to know is that PAM does name/password checking only.
You still need something else to supply UID / GID / home directory, etc.
> 1. If user A (locally configured in Linux M/C) tries to login, then
> Linux PAM gets the user/password information and send it to radius
> server. Radius Server authenticates the user/password in its database
> and sends successful acknowledgement to linux m/c. User is allowed to
> login.
> 2. If user B (not configured in Linux M/C) login, then
> Authentication is being rejected by Radius Server. Radius Server logs
> are showing that password in either malformed/incorrect
No. It's showing that the password is this:
> User-Password = "\010\n\INCORRECT"
i.e. the PAM RADIUS module gets *that string* as the password, and sends it to the RADIUS server.
The issue is that *another* PAM module is checking for local users, and mashing the password to that string if the user isn't found.
And even if you did get that fixed, PAM doesn't support UID / GID / etc. So using RADIUS to authenticate random users still won't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list