Problem with radiusd and pam authentication
Jean-Paul.Chapalain at gicm.fr
Jean-Paul.Chapalain at gicm.fr
Mon Feb 20 17:27:12 UTC 2006
I'm trying to run authentication from FreeRadius (Version 1.0.1) with Pam.
So, i've created a Unix user (Fermi Linux LTS Release 3.0.1): pamuser.
When, i'm using "su" command with pam for this user with radiusd user,
it's ok : (/var/log/messages)
Feb 20 17:12:19 tuxrazor su(pam_unix)[20566]: session opened for user
pamuser by radiusd(uid=502)
When, i'm using pam for authenticate a freeradius user, i've a
autenthication failure : (/var/log/messages)
Feb 20 17:10:16 tuxrazor radiusd(pam_unix)[19912]: authentication
failure; logname= uid=502 euid=502 tty= ruser= rhost= user=pamuser
See below :
/etc/pam.d/radiusd :
--------------------
#%PAM-1.0
auth required /lib/security/pam_unix_auth.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_unix_passwd.so shadow nullok
use_authtok
session required /lib/security/pam_unix_session.so
FreeRadius log (debug) :
------------------------
Starting - reading configuration files ...
...skipping
Module: Instantiated mschap (mschap)
Module: Loaded Pam
pam: pam_auth = "radiusd"
Module: Instantiated pam (pam)
...shipping
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 200.1.1.1:1645, id=36, length=78
NAS-IP-Address = 200.1.1.1
NAS-Port = 66
NAS-Port-Type = Virtual
User-Name = "pamuser"
Calling-Station-Id = "200.2.2.1"
User-Password = "blablabla"
Processing the authorize section of radiusd.conf
... skipping
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type PAM
auth: type "PAM"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: function pam_authenticate FAILED for <pamuser>. Reason:
Authentication failure
modcall[authenticate]: module "pam" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Any suggestion regarding why PAM module refuse the authentication ?
Thank in advance.
Jean-Paul.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3354 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pam-list/attachments/20060220/87674b9f/attachment.bin>
More information about the Pam-list
mailing list