No subject
Hailun Tan
dearambermini at gmail.com
Tue Jun 26 03:09:49 CEST 2018
> The replies kept saying modifying PAM modules instead of
> pam_radius_auth.so. But to be honest, the pam_radius_auth.c is one of the
> customized PAM modules. If pam_radius_auth.so is not the one to be
> modified, which one should be? No one has ever given any answers to
that...
The answers in the link you posted are pretty clear.
===================
I do not think the answer in the previous link was clear.
The only viable solution in the link above is that having another local
user with the same name then it will fix the problem. Yes, it does fix the
problem. But what is the point to have radius server if a local user is
required for radius to work? Considering that there are thousands of
radius clients to hookup with one radius server, having a local user for
each of these clients for such user to work does not make sense.
My question is very clear. If pam_radius_auth.so is not the one to be
fixed, which other pam module should be fixed? At least you can provide a
way for us to check which PAM module is failing so that we can check. I
have even tried to disable ALL the pam module in /etc/pam.d/sshd except
pam_radius_auth.so but I cannot even log in the ubuntu if i did that :( So
that is the most difficult part to troubleshoot with PAM.
On Tue, Jun 26, 2018 at 10:51 AM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Jun 25, 2018, at 8:10 PM, Hailun Tan <dearambermini at gmail.com> wrote:
> >
> > I think my problem is related to the following thread a couple of years
> ago:
> >
> > http://freeradius.1045715.n5.nabble.com/ssh-authentication-
> failed-problem-use-freeradius-amp-pam-radius-td5687733.html
> >
> > However, in the link above, no one has ever mentioned how to configurate
> > PAM to read the password from the conversation function correctly?
>
> You don't.
>
> The problem is that ANOTHER PAM module is failing. So the PAM libraries
> are mangling the password.
>
> There is NOTHING you can do to FreeRADIUS or pam_radius_auth to fix the
> problem.
>
> You MUST modify the PAM configuration on the client machine to remove
> the problem PAM module.
>
> > The replies kept saying modifying PAM modules instead of
> > pam_radius_auth.so. But to be honest, the pam_radius_auth.c is one of the
> > customized PAM modules. If pam_radius_auth.so is not the one to be
> > modified, which one should be? No one has ever given any answers to
> that...
>
> The answers in the link you posted are pretty clear.
>
> > I hate asking the same question repeatedly. However, unless a viable
> > solution is given, these question will keep popping back to the mail
> list.
> > So for those free radius gurus, please advise how to fix it even though
> it
> > might not directly be related to free radius.
>
> Fix the PAM configuration on the client. The link you posted says this.
>
> How to fix it? I don't know... go ask the PAM people how their software
> works.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
More information about the Freeradius-Users
mailing list