Problem with radiusd and pam authentication
Jean-Paul.Chapalain at gicm.fr
Jean-Paul.Chapalain at gicm.fr
Tue Feb 21 09:36:48 UTC 2006
Hi,
The authentication fails because radiusd daemon is running under radiusd
user. When radiusd is running as root uid, pam authentication works fine.
Jean-paul.
Jean-Paul.Chapalain at gicm.fr wrote:
> I'm trying to run authentication from FreeRadius (Version 1.0.1) with Pam.
>
> So, i've created a Unix user (Fermi Linux LTS Release 3.0.1): pamuser.
>
> When, i'm using "su" command with pam for this user with radiusd user,
> it's ok : (/var/log/messages)
> Feb 20 17:12:19 tuxrazor su(pam_unix)[20566]: session opened for user
> pamuser by radiusd(uid=502)
>
> When, i'm using pam for authenticate a freeradius user, i've a
> autenthication failure : (/var/log/messages)
> Feb 20 17:10:16 tuxrazor radiusd(pam_unix)[19912]: authentication
> failure; logname= uid=502 euid=502 tty= ruser= rhost= user=pamuser
>
> See below :
> /etc/pam.d/radiusd :
> --------------------
> #%PAM-1.0
> auth required /lib/security/pam_unix_auth.so shadow nullok
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_unix_acct.so
> password required /lib/security/pam_cracklib.so
> password required /lib/security/pam_unix_passwd.so shadow nullok
> use_authtok
> session required /lib/security/pam_unix_session.so
>
> FreeRadius log (debug) :
> ------------------------
> Starting - reading configuration files ...
>
> ...skipping
> Module: Instantiated mschap (mschap)
> Module: Loaded Pam
> pam: pam_auth = "radiusd"
> Module: Instantiated pam (pam)
>
> ...shipping
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 200.1.1.1:1645, id=36, length=78
> NAS-IP-Address = 200.1.1.1
> NAS-Port = 66
> NAS-Port-Type = Virtual
> User-Name = "pamuser"
> Calling-Station-Id = "200.2.2.1"
> User-Password = "blablabla"
> Processing the authorize section of radiusd.conf
>
> ... skipping
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type PAM
> auth: type "PAM"
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> pam_pass: using pamauth string <radiusd> for pam.conf lookup
> pam_pass: function pam_authenticate FAILED for <pamuser>. Reason:
> Authentication failure
> modcall[authenticate]: module "pam" returns reject for request 0
> modcall: group Auth-Type returns reject for request 0
> auth: Failed to validate the user.
>
> Any suggestion regarding why PAM module refuse the authentication ?
>
> Thank in advance.
>
> Jean-Paul.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3354 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/pam-list/attachments/20060221/c52a9799/attachment.bin>
More information about the Pam-list
mailing list