authentication request failed for SSH using freeradius server.

Alan DeKok aland at deployingradius.com
Mon Jun 25 13:22:12 CEST 2018


On Jun 25, 2018, at 3:14 AM, Hailun Tan <dearambermini at gmail.com> wrote:
> I figured out  why the server failed to respond..
> 
> I need to set "require-message-authenticator = no" for that particular
> client IP address in the client.conf under /etc/freeradius on the server
> side.

  That's the default, because many RADIUS clients don't send Message-Authenticator.  The comments in the configuration file make this clear.

> However, there are still heaps of other issues after this one was shot down.
> 
> Now  it seems the password for the user cannot be passed to the radius
> server correctly when ssh was executed.

  Because *another* PAM module is checking for the user, and failing.  When it fails, the PAM code sets the password to "...INCORRECT"

  There is *nothing* you can do to FreeRADIUS to fix this.  You MUST fix the PAM configuration on your machine.

  Alan DeKok.




More information about the Freeradius-Users mailing list