LinuxQuestions.org


danieldinu 10-24-2006 09:10 AM

pam radius authentication
 
Hello!

I am trying to authenticate SSH user logins using pam_radius_auth.so.
On my RedHat 9 I have the following setup:
- freeradius server
- users file:
test Auth-Type := Local, User-Password == "test"

- clients.conf
client 127.0.0.1 {
secret = secret
shortname = localhost
}

- pam radius module
- cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_radius_auth.so debug
auth required /lib/security/pam_unix_auth.so
account required pam_radius_auth.so debug
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
- cat /etc/raddb/server
127.0.0.1 secret 1


- pam_radius_auth.so is copied to /lib/security
- I created the Linux user test with home directory /home/test, without setting up a password
- freeradius started with radiusd -X

The problem is that when I try to connect to this machine using ssh, the radius server receives the request, processes it, and sends Access-Accept, but the ssh session is ended without the user being really logged in !!! I don't know the reason why the user gets rejected...

tail -f /var/log/secure
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1108551052.
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: Got RADIUS response code 2
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: authentication succeeded
Oct 12 11:06:27 D-Server sshd[26585]: Accepted password for test from 10.243.30.42 port 2847 ssh2
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got user name test
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Sending RADIUS request code 1
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1108551052.
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got RADIUS response code 2
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: authentication succeeded
Oct 12 11:28:30 D-Server sshd[26590]: Accepted password for test from 10.243.30.42 port 2881 ssh2

from radiusd -X :
rad_recv: Access-Request packet from host 127.0.0.1:27615, id=253, length=97
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "sshd"
NAS-Port = 26590
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "512wyse83.cosmote.rom"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry test at line 80
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 253 to 127.0.0.1 port 27615
Finished request 0

thank you!
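
Added example, not part of the original post: a small Python triage script that groups the `/var/log/secure` lines above by sshd PID and decodes the RADIUS codes, so it is clear which connections got an Access-Accept and an sshd "Accepted password" and therefore ended at some point after password verification. The function names and the third connection (PID 26600) are constructed for illustration.

```python
import re
from collections import defaultdict

# RADIUS packet codes from RFC 2865.
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

# PIDs 26585 and 26590 are from the post's excerpt (wrapped lines rejoined);
# PID 26600 is a constructed rejected login, added for contrast.
SAMPLE_LOG = """\
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: Got RADIUS response code 2
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: authentication succeeded
Oct 12 11:06:27 D-Server sshd[26585]: Accepted password for test from 10.243.30.42 port 2847 ssh2
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got user name test
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Sending RADIUS request code 1
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got RADIUS response code 2
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: authentication succeeded
Oct 12 11:28:30 D-Server sshd[26590]: Accepted password for test from 10.243.30.42 port 2881 ssh2
Oct 12 11:30:02 D-Server sshd[26600]: pam_radius_auth: Got RADIUS response code 3
Oct 12 11:30:02 D-Server sshd[26600]: Failed password for test from 10.243.30.42 port 2900 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RESPONSE = re.compile(r"pam_radius_auth: Got RADIUS response code (\d+)")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port (\d+)")

def summarize(log_text):
    """Group sshd lines by PID and record how far each connection got."""
    conns = defaultdict(lambda: {"user": None, "radius": None, "pam_auth_ok": False, "sshd_accepted": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c, msg = conns[m["pid"]], m["msg"]
        if (r := RESPONSE.search(msg)):
            c["radius"] = RADIUS_CODES.get(int(r.group(1)), f"code {r.group(1)}")
        elif "pam_radius_auth: authentication succeeded" in msg:
            c["pam_auth_ok"] = True
        elif (a := ACCEPTED.search(msg)):
            c["user"], c["sshd_accepted"] = a.group(1), True
    return dict(conns)

def auth_completed(conns):
    """PIDs where RADIUS, pam_radius_auth and sshd all report success."""
    return sorted(pid for pid, c in conns.items()
                  if c["radius"] == "Access-Accept" and c["pam_auth_ok"] and c["sshd_accepted"])

if __name__ == "__main__":
    for pid, c in summarize(SAMPLE_LOG).items():
        print(pid, c)
```

For the PIDs this reports, password verification succeeded end to end, so the remaining log lines for the same PID are where to look for why the session closed.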

wildchief 07-17-2009 01:31 PM

this might help
 
Hello,

This here might help

http://www.davidstclair.co.uk/Radius...-login-Centos5

It's CentOS, but not far off what you want, I think.

cheers

win32sux 07-17-2009 01:56 PM

wildchief, although I'm sure your intentions are noble, we really don't like to see dead threads be resurrected. You can have a more positive impact by helping members who are in current need of assistance.

