LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 10-24-2006, 10:10 AM   #1
danieldinu
LQ Newbie
 
Registered: Oct 2006
Posts: 9

Rep: Reputation: 0
pam radius authentication


Hello!

I try to authenticate ssh users logins using pam_radius_auth.so.
On my RedHat 9 I have the following setup:
- freeradius server
- users file:
test Auth-Type := Local, User-Password == "test"

- clients.conf
client 127.0.0.1 {
secret = secret
shortname = localhost
}

-pam radius module
- cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_securetty.so
auth sufficient pam_radius_auth.so debug
auth required /lib/security/pam_unix_auth.so
account required pam_radius_auth.so debug
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
-cat /etc/raddb/server
127.0.0.1 secret 1


- pam_radius_auth.so is copied in /lib/security
-I created linux user test with home directory /home/test , without setting up a
password
- freeradius started with radiusd -X

Problem is that, when I trie to connect to this machine using ssh, the radius se
rver receives the request, processes it, sends access-accept, but the ssh sessio
n is ended, without the user being really logged in !!! I don't know the reason
why the user gets rejected...

tail -f /var/log/secure
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: DEBUG: getservbyname(radi
us, udp) returned 1108551052.
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: Got RADIUS response code
2
Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: authentication succeeded
Oct 12 11:06:27 D-Server sshd[26585]: Accepted password for test from 10.243.30.
42 port 2847 ssh2
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got user name test
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Sending RADIUS request co
de 1
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: DEBUG: getservbyname(radi
us, udp) returned 1108551052.
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got RADIUS response code
2
Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: authentication succeeded
Oct 12 11:28:30 D-Server sshd[26590]: Accepted password for test from 10.243.30.
42 port 2881 ssh2

from radiusd -X :
rad_recv: Access-Request packet from host 127.0.0.1:27615, id=253, length=97
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "sshd"
NAS-Port = 26590
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "512wyse83.cosmote.rom"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry test at line 80
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 253 to 127.0.0.1 port 27615
Finished request 0

thank you!
 
Old 07-17-2009, 02:31 PM   #2
wildchief
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Rep: Reputation: 0
this might help

Hello,

This here might help

http://www.davidstclair.co.uk/Radius...-login-Centos5

its centos but not far off want you want i think

cheers
 
Old 07-17-2009, 02:56 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
wildchief, although I'm sure your intentions are noble, we really don't like to see dead threads be resurrected. You can have a more positive impact by helping members who are in current need of assistance.

Last edited by win32sux; 07-17-2009 at 02:58 PM.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
User authentication through radius tiger3090 Linux - Networking 1 09-08-2005 05:16 AM
pam radius auth in slackware ?? Barx Slackware 1 04-30-2005 09:06 AM
PHP & Radius/PAM authentication etron Programming 1 10-16-2003 04:38 AM
Log into RedHat and authentication w/RADIUS webwar Linux - Networking 1 08-12-2003 12:00 PM
Log into RedHat and authentication w/RADIUS webwar Linux - Security 0 08-12-2003 11:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration