Linux PAM Authentication failed: Non-Local users
Anand Neeli
anand.neeli at gmail.com
Thu Jun 29 17:37:20 CEST 2017
> And even if you did get that fixed, PAM doesn't support UID / GID / etc.
So using RADIUS to authenticate random users still won't work.
Is there any workaround or any other way to fix this?
is this a drawback with linux pam?
Thanks,
Anand Neeli
On Thu, Jun 29, 2017 at 7:57 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Jun 29, 2017, at 9:48 AM, Anand Neeli <anand.neeli at gmail.com> wrote:
> >
> > Hello
> > But couldnt search the mailing list. Can anyone please show pointers
> > or answer this?
> > I'm trying to perform Radius based authentication of any guest user
> > using Linux PAM module 1.0
>
> The one thing you need to know is that PAM does name/password checking
> only.
>
> You still need something else to supply UID / GID / home directory, etc.
>
> > 1. If user A (locally configured in Linux M/C) tries to login, then
> > Linux PAM gets the user/password information and send it to radius
> > server. Radius Server authenticates the user/password in its database
> > and sends successful acknowledgement to linux m/c. User is allowed to
> > login.
> > 2. If user B (not configured in Linux M/C) login, then
> > Authentication is being rejected by Radius Server. Radius Server logs
> > are showing that password in either malformed/incorrect
>
> No. It's showing that the password is this:
>
> > User-Password = "\010\n\INCORRECT"
>
>
> i.e. the PAM RADIUS module gets *that string* as the password, and sends
> it to the RADIUS server.
>
> The issue is that *another* PAM module is checking for local users, and
> mashing the password to that string if the user isn't found.
>
> And even if you did get that fixed, PAM doesn't support UID / GID /
> etc. So using RADIUS to authenticate random users still won't work.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
More information about the Freeradius-Users
mailing list