authentication request failed for SSH using freeradius server.
Alan DeKok
aland at deployingradius.com
Mon Jun 25 13:22:12 CEST 2018
On Jun 25, 2018, at 3:14 AM, Hailun Tan <dearambermini at gmail.com> wrote:
> I figured out why the server failed to respond..
>
> I need to set "require-message-authenticator = no" for that particular
> client IP address in the client.conf under /etc/freeradius on the server
> side.
That's the default, because many RADIUS clients don't send Message-Authenticator. The comments in the configuration file make this clear.
> However, there are still heaps of other issues after this one was shot down.
>
> Now it seems the password for the user cannot be passed to the radius
> server correctly when ssh was executed.
Because *another* PAM module is checking for the user, and failing. When it fails, the PAM code sets the password to "...INCORRECT"
There is *nothing* you can do to FreeRADIUS to fix this. You MUST fix the PAM configuration on your machine.
Alan DeKok.
More information about the Freeradius-Users
mailing list