EAP Submodule failed. PAM module issue.

Alan DeKok aland at deployingradius.com
Wed Sep 2 00:39:27 CEST 2020

On Sep 1, 2020, at 5:13 PM, HORMAZABAL PI´┐ŻONES BARBARA FRANCISCA <bhp001 at alumnos.ucn.cl> wrote:
>> So.... how did you configure FreeRADIUS to look for the realm "ucn.cl",
> > and use the correct PAM-Auth?  It would help to describe that.
> I am following an eduram based configuration which states that for each
> realm there should be a pam-imap file, pam-imap-radius, and users file for
> each. For example the file pam_imap.conf has this configuration:

  That doesn't really answer my question.  If I ask how did you configure *FreeRADIUS*, I don't need to see a bunch of configuration files for PAM.

  Creating solutions requires a methodical approach, and paying attention to details.

> While one of the users file is stated that it should look like this:
> test Realm == "ucn.cl", Cleartext-Password := "123456"
> DEFAULT Virtual-Server == inner-tunnel, Pam-Auth := "pam-imap-radius", Auth-
> Type = PAM

  Which sets PAM-Auth.  But not to "pam-imap-radius2", as the debug log shows.

  So which FreeRADIUS file did you change to set PAM-Auth to "pam-imap-radius2" ?

>> Which means that you can set PAM-Auth here, and set it to the correct
> value.
> Sorry, but can you please explain this more? should I just write
> "Auth-type: PAM" right after first_files?

  You posted a "users" file entry which sets PAM-Auth.   So... you know how to set PAM-Auth.

 And no, When I say "PAM-Auth", I don't mean "Auth-Type = PAM".

>> (7) pam: Using pamauth string "pam-imap-radius2" for pam.conf lookup
>> Where does that come from?
> I still don't know what is going with that. I'm still trying to check the
> pam config files.

  You posted a *FREERADIUS* debug output which showed that *FREERADIUS* was using "pam-imap-radius2".

  Search the *FREERADIUS* configuration files for that.  You should know which one.  It's not in the default configuration, which means you edited something, and added that.

  So... which file did you edit?

>  By the way I checked the logs in var/logs and this message appeared
> Sep  1 16:57:06 radius-wifi freeradius: PAM unable to dlopen(pam_imap.so):
> /lib/security/pam_imap.so: undefined symbol: pam_get_item
> Sep  1 16:57:06 radius-wifi freeradius: PAM adding faulty module:
> pam_imap.so

  Ask the PAM people how their software works.  We didn't write pam_imap, and we know nothing about it.

  Alan DeKok.

More information about the Freeradius-Users mailing list