Problem with radiusd and pam authentication

Jean-Paul.Chapalain at gicm.fr
Tue Feb 21 09:36:48 UTC 2006


Hi,

The authentication fails because the radiusd daemon is running as the radiusd
user. When radiusd is running with root uid, PAM authentication works fine.

Jean-paul.

Jean-Paul.Chapalain at gicm.fr wrote:
> I'm trying to run authentication from FreeRadius (Version 1.0.1) with Pam.
> 
> So, I've created a Unix user (Fermi Linux LTS Release 3.0.1): pamuser.
> 
> When I use the "su" command with PAM for this user as the radiusd user,
> it's OK (/var/log/messages):
> Feb 20 17:12:19 tuxrazor su(pam_unix)[20566]: session opened for user
> pamuser by radiusd(uid=502)
> 
> When I use PAM to authenticate a FreeRADIUS user, I get an
> authentication failure (/var/log/messages):
> Feb 20 17:10:16 tuxrazor radiusd(pam_unix)[19912]: authentication
> failure; logname= uid=502 euid=502 tty= ruser= rhost=  user=pamuser
> 
> See below :
> /etc/pam.d/radiusd :
> --------------------
> #%PAM-1.0
> auth       required     /lib/security/pam_unix_auth.so shadow nullok
> auth       required     /lib/security/pam_nologin.so
> account    required     /lib/security/pam_unix_acct.so
> password   required     /lib/security/pam_cracklib.so
> password   required     /lib/security/pam_unix_passwd.so shadow nullok use_authtok
> session    required     /lib/security/pam_unix_session.so
> 
> FreeRadius log (debug) :
> ------------------------
> Starting - reading configuration files ...
> 
> ...skipping
> Module: Instantiated mschap (mschap)
> Module: Loaded Pam
>  pam: pam_auth = "radiusd"
> Module: Instantiated pam (pam)
> 
> ...skipping
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
> rad_recv: Access-Request packet from host 200.1.1.1:1645, id=36, length=78
>         NAS-IP-Address = 200.1.1.1
>         NAS-Port = 66
>         NAS-Port-Type = Virtual
>         User-Name = "pamuser"
>         Calling-Station-Id = "200.2.2.1"
>         User-Password = "blablabla"
>   Processing the authorize section of radiusd.conf
> 
> ... skipping
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type PAM
> auth: type "PAM"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> pam_pass: using pamauth string <radiusd> for pam.conf lookup
> pam_pass: function pam_authenticate FAILED for <pamuser>. Reason:
> Authentication failure
>   modcall[authenticate]: module "pam" returns reject for request 0
> modcall: group Auth-Type returns reject for request 0
> auth: Failed to validate the user.
> 
> Any suggestions as to why the PAM module refuses the authentication?
> 
> Thanks in advance.
> 
> Jean-Paul.
> 
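An added example, not part of the original thread: a small triage parser for pam_unix "authentication failure" syslog lines such as the one quoted above, which flags failures raised by a service whose effective uid is not root, the condition the reply identifies. It assumes /etc/shadow is readable by root only; the function names and the third sample line are constructed for illustration.

```python
import re

# pam_unix syslog format as quoted in the post:
#   <date> <host> <service>(pam_unix)[<pid>]: authentication failure; k=v ...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<service>[\w.-]+)\(pam_unix\)\[(?P<pid>\d+)\]:\s"
    r"authentication failure;\s*(?P<fields>.*)$"
)
# Values can be empty ("tty= ruser="), so allow zero-length values.
FIELD_RE = re.compile(r"(\w+)=([^\s=]*)")

def parse_failure(line):
    """Return a dict for a pam_unix authentication failure, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "service", "pid")}
    rec.update(FIELD_RE.findall(m.group("fields")))
    return rec

def unprivileged_caller(rec):
    """True when the service that called PAM had a non-root effective uid."""
    euid = rec.get("euid", "")
    return euid.isdigit() and int(euid) != 0

def triage(lines):
    """List (service, euid, user) for failures raised by non-root services."""
    # Assumption: /etc/shadow is root-only, so these failures may reflect
    # the service's privileges rather than a wrong password.
    hits = []
    for line in lines:
        rec = parse_failure(line)
        if rec and unprivileged_caller(rec):
            hits.append((rec["service"], int(rec["euid"]), rec.get("user", "")))
    return hits

SAMPLE = [
    # From the post, with the wrapped line rejoined.
    "Feb 20 17:10:16 tuxrazor radiusd(pam_unix)[19912]: authentication failure; logname= uid=502 euid=502 tty= ruser= rhost=  user=pamuser",
    # From the post: a session line, not a failure, so it is ignored.
    "Feb 20 17:12:19 tuxrazor su(pam_unix)[20566]: session opened for user pamuser by radiusd(uid=502)",
    # Constructed: a failure raised by a root-run service (not flagged).
    "Feb 20 17:15:02 tuxrazor sshd(pam_unix)[20701]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=pamuser",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```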