<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"> <title></title> </head> <body text="#000000" bgcolor="#ffffff"> Are you getting the <pre wrap="">ERROR reading %s, line %d: Could not read hostname or secret\n"</pre> Line? You have that just inside of an if () block, but nothing in the "else" side of things. We may be getting somewhere :) . Put another log line in the "else" section printing the hostname, the secret, and the timeout just to verify that it is reading the line in your config file properly. We're getting close! Joe Fatemeh Taj wrote: <blockquote type="cite" cite="mid20040602042720.23452.qmail@web51502.mail.yahoo.com"> <pre wrap="">Joe, I did what you said, it seems that there is a non-ending while loop here (for me) and the last error I see is what I have printed below (socket23). It gets the username and goes to this loop and never comes out to get the password. Can you help me? Thanks Fatemeh Taj while (!feof(fserver) && (fgets (buffer, sizeof(buffer), fserver) != (char*) NULL) && (!ferror(fserver))) { line++; p = buffer; /* * Skip blank lines and whitespace */ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\r') || (*p == '\n'))) p++; /* * Nothing, or just a comment. Ignore the line. */ if ((!*p) || (*p == '#')) { continue; } timeout = 3; if (sscanf(p, "%s %s %d", hostname, secret, &timeout) < 2) { _pam_log(LOG_ERR, "ERROR reading %s, line %d: Could not read hostname or secret\n", conf_file, line); continue; /* invalid line */ } else { /* read it in and save the data */ radius_server_t *tmp; tmp = malloc(sizeof(radius_server_t)); if (server) { server->next = tmp; server = server->next; } else { conf->server = tmp; server= tmp; /* first time */ } /* sometime later do memory checks here */ server->hostname = strdup(hostname); server->secret = strdup(secret); server->accounting = accounting; server->port = 0; if ((timeout < 1) || (timeout > 60)) { server->timeout = 3; } else { server->timeout = timeout; } server->next = NULL; } _pam_log(LOG_ERR, "Unable to open socket23: %s\n", strerror(errno)); } _pam_log(LOG_ERR, "Unable to open socket24: %s\n", strerror(errno)); fclose(fserver); --- Joe Lewis <a class="moz-txt-link-rfc2396E" href="mailto:joe@joe-lewis.com"><joe@joe-lewis.com></a> wrote: </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">Joe As I said: Also I know that this machine can </pre> <blockquote type="cite"> <pre wrap="">establish radius connection (udp/1812) to the radius server. I tried it using nc command. </pre> </blockquote> </blockquote> <pre wrap="">Sorry about that. Sometimes I read WAY to quickly. </pre> <blockquote type="cite"> <pre wrap="">Using nc command I could establich udp connection </pre> </blockquote> <pre wrap="">to </pre> <blockquote type="cite"> <pre wrap="">1812 port and the firewall permits the connection. It's not a network problem :( </pre> </blockquote> <pre wrap="">Okay. After the module prints "Got user name %s", it calls a function initialize(). This function get's the IP address of the host to contact for the radius information. If it returns any PAM_* errors, the module will quit right there. However, if it continues on, there is the next step of checking for the service name or the client_id - if both of those fail, the module will quit. At this point, an open socket should be connected to the Radius server, and the module set's up the Radius packet. But it won't quit here. It grabs the password, and then determines if it fails. If it does not, you should see a debug message stating "Got password %s". So, in this process, there are actually a multitude of ways that this could be "malfunctioning". If it can't find the /etc/raddb/servers file, it will complain and log it. So, obviously, you DO have the file and it is in the right place. In addition, in the initialize function, it checks for server configs, and that is working fine. Then it opens the socket. If it fails to open the socket, IT SHOULD PRINT A LOG LINE. Now, I would suggest that you dump a couple of _pam_log(LOG_ERR, "Failed to open RADIUS socket: %s\n", strerror(errno)); lines throughout the code, primarily AFTER the initialize function exits, and then throughout the initialize function itself. This should help you pin point exactly what process is causing the problem. The other option is to run 'gdb' on it (attach it to the process after it is started). Try doing it in the "su" service, so that you can do most of the leg work on the command line. Then you can step through the process to figure out what is going on. Some time between printing "Got user name" and the next print functions, the module is doing something wrong. Let me know what you find. Joe </pre> <blockquote type="cite"> <pre wrap="">Joe As I said: Also I know that this machine can </pre> <blockquote type="cite"> <pre wrap="">establish radius connection (udp/1812) to the radius server. I tried it using nc command. </pre> </blockquote> <pre wrap="">Using nc command I could establich udp connection </pre> </blockquote> <pre wrap="">to </pre> <blockquote type="cite"> <pre wrap="">1812 port and the firewall permits the connection. It's not a network problem :( --Fatemeh --- Joe Lewis <a class="moz-txt-link-rfc2396E" href="mailto:joe@joe-lewis.com"><joe@joe-lewis.com></a> wrote: </pre> <blockquote type="cite"> <pre wrap="">Have you run network checks to ensure that ports </pre> </blockquote> </blockquote> <pre wrap="">are </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">being opened? You might have a firewall on the sending side, the recieving side, or somewhere in between that is causing problems. Telnet on the radius port and verify that you can get a connection. Joe </pre> <blockquote type="cite"> <pre wrap="">Dear All, I did install cyrus imapd 2.2.3 on redhat enterprise 3.Now I want authenticate users </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">trough </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">a </pre> <blockquote type="cite"> <pre wrap="">radius server.I have done it previously on </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">redhat </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">7.1 </pre> <blockquote type="cite"> <pre wrap="">and it works fine But now pam_radius does not </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">send </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">the </pre> <blockquote type="cite"> <pre wrap="">request to the radiusserver. Maybe here is not the proper place to ask this, but I </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">though </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">you </pre> <blockquote type="cite"> <pre wrap="">might have such experience. I have: --sasl_passwd_check=saslauthd </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">sasl_mech_list=PLAIN </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">--in /etc/pam.d/pop I have auth required /lib/security/pam_radius_auth.so </pre> </blockquote> <pre wrap="">debug </pre> <blockquote type="cite"> <pre wrap="">--and have configured /etc/raddb/server too and the permission is </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">755. </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">--Also /lib/security/pam_radius_auth.so is available too. (pam_radius 1.3.16)I ran </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">saslauthd </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">with </pre> <blockquote type="cite"> <pre wrap="">-a pam , it get the username but there is no sign of sending the request to radius </pre> </blockquote> <pre wrap="">server. </pre> <blockquote type="cite"> <pre wrap="">log: saslauthd[2859]: rel_accept_lock : released </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">accept </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">lock May22 saslauthd[2860]: get_accept_lock : </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">acquired </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">accept lock May 2212:06:56 test saslauthd[2859]: </pre> </blockquote> <pre wrap="">pam_radius_auth: </pre> <blockquote type="cite"> <pre wrap="">Got user name fatemehand nothing about sending request is found in log. With my tests I know that pam_radius_auth does </pre> </blockquote> <pre wrap="">read </pre> <blockquote type="cite"> <pre wrap="">the /etc/radd/server but does not send any </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">request </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">to </pre> <blockquote type="cite"> <pre wrap="">radius server. Also I know that this machine </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">can </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">establish radius connection (udp/1812) to the radius server. I tried it using nc command. </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">Any </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">comment is really appriciated. Please help. Thanks F. Taj P.S, I have asked it in cyrus imapd and cyrus </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">sasl </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap="">list too but no answer :( __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! </pre> </blockquote> </blockquote> </blockquote> <pre wrap="">Messenger. </pre> <blockquote type="cite"> <blockquote type="cite"> <blockquote type="cite"> <pre wrap=""><a class="moz-txt-link-freetext" href="http://messenger.yahoo.com/">http://messenger.yahoo.com/</a> _______________________________________________ Pam-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a> </pre> </blockquote> </blockquote> </blockquote> <pre wrap=""><a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pam-list">https://www.redhat.com/mailman/listinfo/pam-list</a> </pre> <blockquote type="cite"> <blockquote type="cite"> <pre wrap=""> Joe Lewis _______________________________________________ Pam-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pam-list">https://www.redhat.com/mailman/listinfo/pam-list</a> </pre> </blockquote> <pre wrap=""> __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. <a class="moz-txt-link-freetext" href="http://messenger.yahoo.com/">http://messenger.yahoo.com/</a> </pre> </blockquote> </blockquote> <pre wrap="">=== message truncated === __________________________________ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. <a class="moz-txt-link-freetext" href="http://messenger.yahoo.com/">http://messenger.yahoo.com/</a> _______________________________________________ Pam-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pam-list">https://www.redhat.com/mailman/listinfo/pam-list</a> </pre> </blockquote> </body> </html>