I posted the following to the list yesterday, I thought I would post it again in case anyone else has any ideas regarding this...? (Are there any experts on PAM on the list?) I know this may
be a little of topic if it is a PAM problem, but I would appreciate help from anyone who has got RADIUS to work with PAM.

Thanks and please forgive me for posting it twice

Maqbool Hashim wrote:

FreeRadius version:  0.9.3
Redhat Linux 9.0

I have installed FreeRadius on my system and to get familiar with it I am attempting to the Unix login program to authenticate using the radius server. In order to this I am using the radius pam module pam_radius_auth. So PAM is the radius client. (All programs are running on the same machine, client and radius server).

Heres what I have in /etc/pam.d/login :

auth       required     pam_securetty.so
auth       sufficient   /lib/security/pam_radius_auth.so debug
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

and in  /raddb/users I have the following default line:
DEFAULT Auth-Type := System
                Service-Type = Login-User

I start the radius server as follows:

radiusd -i -X

then in another terminal I execute login and try to login as a normal user. The login program returns with:

Authentication service cannot retrieve authentication info.

Now I check the radius server debugging info and from that side it seems to be authenticating the user fine:
users: Matched DEFAULT at 140
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Accept of id 206 to
Service-Type = Login-User
Finished request 0

This problem has me confused. If anyone can shed any light on the matter I would appreciate it. Perhaps the problem lies in the .../pam.d/login configuration?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to