pam_radius + saslauthd + cyrus imapd
Fatemeh Taj
fatemeh53 at yahoo.com
Wed Jun 2 04:29:07 UTC 2004
Joe,
I did what you said, it seems that there is a
non-ending while loop here (for me) and the last error
I see is what I have printed below (socket23). It gets
the username and goes to this loop and never comes out
to get the password.
Can you help me?
Thanks
Fatemeh Taj
    while (!feof(fserver) &&
           (fgets(buffer, sizeof(buffer), fserver) != (char *) NULL) &&
           (!ferror(fserver))) {
        line++;
        p = buffer;
        /*
         * Skip blank lines and whitespace
         */
        while (*p &&
               ((*p == ' ') || (*p == '\t') ||
                (*p == '\r') || (*p == '\n'))) p++;
        /*
         * Nothing, or just a comment. Ignore the line.
         */
        if ((!*p) || (*p == '#')) {
            continue;
        }
        timeout = 3;
        if (sscanf(p, "%s %s %d", hostname, secret, &timeout) < 2) {
            _pam_log(LOG_ERR, "ERROR reading %s, line %d: Could not read hostname or secret\n",
                     conf_file, line);
            continue; /* invalid line */
        } else { /* read it in and save the data */
            radius_server_t *tmp;
            tmp = malloc(sizeof(radius_server_t));
            if (server) {
                server->next = tmp;
                server = server->next;
            } else {
                conf->server = tmp;
                server = tmp; /* first time */
            }
            /* sometime later do memory checks here */
            server->hostname = strdup(hostname);
            server->secret = strdup(secret);
            server->accounting = accounting;
            server->port = 0;
            if ((timeout < 1) || (timeout > 60)) {
                server->timeout = 3;
            } else {
                server->timeout = timeout;
            }
            server->next = NULL;
        }
        _pam_log(LOG_ERR, "Unable to open socket23: %s\n", strerror(errno));
    }
    _pam_log(LOG_ERR, "Unable to open socket24: %s\n", strerror(errno));
    fclose(fserver);
--- Joe Lewis <joe at joe-lewis.com> wrote:
>
> > Joe
> > As I said:
> > Also I know that this machine can
> >> establish radius connection (udp/1812) to the
> >> radius server. I tried it using nc command.
>
> Sorry about that. Sometimes I read WAY too quickly.
>
> > Using nc command I could establish udp connection to
> > 1812 port and the firewall permits the connection.
> > It's not a network problem :(
>
> Okay. After the module prints "Got user name %s", it calls a function
> initialize(). This function gets the IP address of the host to contact
> for the radius information. If it returns any PAM_* errors, the module
> will quit right there. However, if it continues on, there is the next
> step of checking for the service name or the client_id - if both of those
> fail, the module will quit. At this point, an open socket should be
> connected to the Radius server, and the module sets up the Radius packet.
> But it won't quit here. It grabs the password, and then determines if it
> fails. If it does not, you should see a debug message stating "Got
> password %s".
>
> So, in this process, there are actually a multitude of ways that this
> could be "malfunctioning". If it can't find the /etc/raddb/servers file,
> it will complain and log it. So, obviously, you DO have the file and it
> is in the right place. In addition, in the initialize function, it checks
> for server configs, and that is working fine. Then it opens the socket.
> If it fails to open the socket, IT SHOULD PRINT A LOG LINE. Now, I would
> suggest that you dump a couple of
>
> _pam_log(LOG_ERR, "Failed to open RADIUS socket: %s\n", strerror(errno));
>
> lines throughout the code, primarily AFTER the initialize function exits,
> and then throughout the initialize function itself. This should help you
> pinpoint exactly what process is causing the problem.
>
> The other option is to run 'gdb' on it (attach it to the process after it
> is started). Try doing it in the "su" service, so that you can do most of
> the leg work on the command line. Then you can step through the process
> to figure out what is going on. Some time between printing "Got user
> name" and the next print functions, the module is doing something wrong.
> Let me know what you find.
>
> Joe
>
> > Joe
> > As I said:
> > Also I know that this machine can
> >> establish radius connection (udp/1812) to the
> >> radius server. I tried it using nc command.
> >
> > Using nc command I could establish udp connection to
> > 1812 port and the firewall permits the connection.
> > It's not a network problem :(
> >
> > --Fatemeh
> >
> > --- Joe Lewis <joe at joe-lewis.com> wrote:
> >> Have you run network checks to ensure that ports are being opened? You
> >> might have a firewall on the sending side, the receiving side, or
> >> somewhere in between that is causing problems. Telnet on the radius port
> >> and verify that you can get a connection.
> >>
> >> Joe
> >>
> >> > Dear All,
> >> > I did install cyrus imapd 2.2.3 on redhat
> >> > enterprise 3. Now I want to authenticate users through a
> >> > radius server. I have done it previously on redhat 7.1
> >> > and it works fine. But now pam_radius does not send the
> >> > request to the radiusserver.
> >> > Maybe here
> >> > is not the proper place to ask this, but I thought you
> >> > might have such experience.
> >> >
> >> > I have:
> >> > --sasl_passwd_check=saslauthd sasl_mech_list=PLAIN
> >> > --in /etc/pam.d/pop I have
> >> > auth required /lib/security/pam_radius_auth.so debug
> >> > --and have configured
> >> > /etc/raddb/server too and the permission is 755.
> >> > --Also /lib/security/pam_radius_auth.so is
> >> > available too. (pam_radius 1.3.16) I ran saslauthd with
> >> > -a pam, it gets the username but there
> >> > is no sign of sending the request to radius server.
> >> >
> >> > log:
> >> > saslauthd[2859]: rel_accept_lock : released accept lock
> >> > May22 saslauthd[2860]: get_accept_lock : acquired accept lock
> >> > May 2212:06:56 test saslauthd[2859]: pam_radius_auth: Got user name fatemehand
> >> >
> >> > nothing about sending request is found in log.
> >> >
> >> > With my tests I know that pam_radius_auth does read
> >> > the /etc/radd/server but does not send any request to
> >> > radius server. Also I know that this machine can
> >> > establish radius connection (udp/1812) to the
> >> > radius server. I tried it using nc command. Any
> >> > comment is really appreciated.
> >> >
> >> >
> >> > Please help.
> >> > Thanks F. Taj
> >> > P.S, I have asked it in cyrus imapd and cyrus sasl
> >> > list too but no answer :(
> >>
> >>
> >> Joe Lewis
=== message truncated ===
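Added example, not part of the original messages and not pam_radius code: a stand-alone C parser for the "hostname secret [timeout]" line format read by the loop quoted above, with field widths on the %s conversions and a count of accepted and rejected lines so the parse can be checked outside PAM. The names server_t, parse_servers and parse_sample, the 127-character field limit and the sample host names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

typedef struct {                      /* hypothetical stand-in for radius_server_t */
    char hostname[128], secret[128];  /* sized to match the %127s widths below */
    int timeout;
} server_t;

/* Parse "hostname secret [timeout]" lines into out[]; returns accepted count. */
int parse_servers(FILE *f, server_t *out, int max, int *n_bad)
{
    char buffer[512];
    int n = 0;
    *n_bad = 0;
    while (n < max && fgets(buffer, sizeof(buffer), f) != NULL) {  /* NULL on EOF or error */
        char *p = buffer + strspn(buffer, " \t\r\n");   /* skip leading whitespace */
        if (*p == '\0' || *p == '#')
            continue;                                   /* blank line or comment */
        server_t *s = &out[n];
        s->timeout = 3;                                 /* default when field is absent */
        if (sscanf(p, "%127s %127s %d", s->hostname, s->secret, &s->timeout) < 2) {
            (*n_bad)++;                                 /* hostname or secret missing */
            continue;
        }
        if (s->timeout < 1 || s->timeout > 60)
            s->timeout = 3;                             /* same clamp as the excerpt */
        n++;
    }
    return n;
}

int parse_sample(server_t *out, int max, int *n_bad)
{
    FILE *f = tmpfile();   /* holds the constructed sample below (not from the thread) */
    if (f == NULL) return -1;
    fputs("# server secret timeout\n\nradius1.example.com s3cret 5\n"
          "onlyhostname\n  10.0.0.2 other 999\n", f);
    rewind(f);
    int n = parse_servers(f, out, max, n_bad);
    fclose(f);
    return n;
}

int main(void)
{
    server_t srv[8];
    int bad = 0, ok = parse_sample(srv, 8, &bad);
    printf("accepted=%d rejected=%d\n", ok, bad);
    return 0;
}
```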