pam radius authentication
Hello!
I am trying to authenticate ssh user logins using pam_radius_auth.so. On my RedHat 9 I have the following setup:

- freeradius server
- users file:

    test Auth-Type := Local, User-Password == "test"

- clients.conf:

    client 127.0.0.1 {
        secret = secret
        shortname = localhost
    }

- pam radius module
- cat /etc/pam.d/sshd

    #%PAM-1.0
    auth       required     pam_securetty.so
    auth       sufficient   pam_radius_auth.so debug
    auth       required     /lib/security/pam_unix_auth.so
    account    required     pam_radius_auth.so debug
    password   required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth
    session    required     pam_limits.so
    session    optional     pam_console.so

- cat /etc/raddb/server

    127.0.0.1 secret 1

- pam_radius_auth.so is copied in /lib/security
- I created linux user test with home directory /home/test, without setting up a password
- freeradius started with radiusd -X

The problem is that, when I try to connect to this machine using ssh, the radius server receives the request, processes it, sends access-accept, but the ssh session is ended, without the user being really logged in!!! I don't know the reason why the user gets rejected...

tail -f /var/log/secure

    Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1108551052.
    Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: Got RADIUS response code 2
    Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: authentication succeeded
    Oct 12 11:06:27 D-Server sshd[26585]: Accepted password for test from 10.243.30.42 port 2847 ssh2
    Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got user name test
    Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Sending RADIUS request code 1
    Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1108551052.
    Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got RADIUS response code 2
    Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: authentication succeeded
    Oct 12 11:28:30 D-Server sshd[26590]: Accepted password for test from 10.243.30.42 port 2881 ssh2

from radiusd -X:

    rad_recv: Access-Request packet from host 127.0.0.1:27615, id=253, length=97
            User-Name = "test"
            User-Password = "test"
            NAS-IP-Address = 127.0.0.1
            NAS-Identifier = "sshd"
            NAS-Port = 26590
            NAS-Port-Type = Virtual
            Service-Type = Authenticate-Only
            Calling-Station-Id = "512wyse83.cosmote.rom"
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
      modcall[authorize]: module "preprocess" returns ok for request 0
      modcall[authorize]: module "chap" returns noop for request 0
      modcall[authorize]: module "mschap" returns noop for request 0
        rlm_realm: No '@' in User-Name = "test", looking up realm NULL
        rlm_realm: No such realm "NULL"
      modcall[authorize]: module "suffix" returns noop for request 0
      rlm_eap: No EAP-Message, not doing EAP
      modcall[authorize]: module "eap" returns noop for request 0
        users: Matched entry test at line 80
      modcall[authorize]: module "files" returns ok for request 0
    modcall: leaving group authorize (returns ok) for request 0
      rad_check_password:  Found Auth-Type Local
    auth: type Local
    auth: user supplied User-Password matches local User-Password
    Sending Access-Accept of id 253 to 127.0.0.1 port 27615
    Finished request 0

Thank you!
this might help
Hello,
This here might help: http://www.davidstclair.co.uk/Radius...-login-Centos5
It's CentOS, but not far off what you want, I think.
Cheers
wildchief, although I'm sure your intentions are noble, we really don't like to see dead threads be resurrected. You can have a more positive impact by helping members who are in current need of assistance.