The radiusd.conf file needs the pam entry uncommented.
You need a /etc/pam.d/radiusd file.

(I never got the pam_auth argument in the radiusd.conf file to work
correctly. I don't believe you want to use the "login" file anyway, since
that checks out what tty you are using, and in this case you are not using
any.)

Your 'users' file needs to include something like:
DEFAULT Auth-Type :=Pam
        pam-auth="radius",
        Fall-Through = Yes

I am not sure pam-auth= should read pam-auth="radiusd" here.

You can crank up debugging on the pam modules; I think it is the -d
pam or -debug or something similar.

Try something like this in your /etc/pam.d/radius.d file:

auth       required     /lib/security/pam_unix.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_permit.so
password   required     /lib/security/pam_permit.so
session    required     /lib/security/pam_permit.so


On Thu, 20 May 2004, Maqbool Hashim wrote:


> I posted the following to the list yesterday, I thought I would post it
> again in case anyone else has any ideas regarding this...? (Are there
> any experts on PAM on the list?)  I know this may
> be a little off topic if it is a PAM problem, but I would appreciate help
> from anyone who has got RADIUS to work with PAM.
>
> Thanks and please forgive me for posting it twice
>
> Maqbool Hashim wrote:
>
> >
> >
> > FreeRadius version:  0.9.3
> > Redhat Linux 9.0
> >
> > I have installed FreeRadius on my system and to get familiar with it I
> > am attempting to get the Unix login program to authenticate using the
> > radius server.  In order to do this I am using the radius pam module
> > pam_radius_auth.  So PAM is the radius client.  (All programs are
> > running on the same machine, client and radius server).
> >
> > Here's what I have in /etc/pam.d/login :
> >
> > #%PAM-1.0
> > auth       required     pam_securetty.so
> > auth       sufficient   /lib/security/pam_radius_auth.so debug
> > auth       required     pam_stack.so service=system-auth
> > auth       required     pam_nologin.so
> > account    required     pam_stack.so service=system-auth
> > password   required     pam_stack.so service=system-auth
> > session    required     pam_stack.so service=system-auth
> > session    optional     pam_console.so
> >
> > and in  /raddb/users I have the following default line:
> > DEFAULT Auth-Type := System
> >                 Service-Type = Login-User
> >
> > I start the radius server as follows:
> >
> > radiusd -i 127.0.0.1 -X
> >
> > then in another terminal I execute login and try to login as a normal
> > user.  The login program returns with:
> >
> > Authentication service cannot retrieve authentication info.
> >
> > Now I check the radius server debugging info and from that side it
> > seems to be authenticating the user fine:
> > users: Matched DEFAULT at 140
> >   modcall[authorize]: module "files" returns ok for request 0
> >   modcall[authorize]: module "mschap" returns noop for request 0
> > modcall: group authorize returns ok for request 0
> >   rad_check_password:  Found Auth-Type System
> > auth: type "System"
> > modcall: entering group authenticate for request 0
> >   modcall[authenticate]: module "unix" returns ok for request 0
> > modcall: group authenticate returns ok for request 0
> > Sending Access-Accept of id 206 to 127.0.0.1:5735
> >         Service-Type = Login-User
> > Finished request 0
> >
> >
> > This problem has me confused.  If anyone can shed any light on the
> > matter I would appreciate it.  Perhaps the problem lies in the
> > .../pam.d/login configuration?
> >
> > - List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
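
Added example, not part of the original thread: a small Python check for a PAM service file used by a daemon such as radiusd, which has no terminal. It flags modules that depend on a tty (the reason given above for not reusing the "login" file) and an auth stack that always succeeds. The module list in TTY_MODULES and the function names are assumptions of this example; the two sample files are copied from the messages above.

```python
import re

# Assumption for this example: modules that inspect the calling terminal.
TTY_MODULES = {"pam_securetty.so", "pam_console.so"}
# type, control (plain word or [bracketed list]), module path, optional args
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Parse pam.d-style text into (type, control, module_basename, args)."""
    rules = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        line = raw.split("#", 1)[0].strip()             # '#' starts a comment
        m = RULE.match(line)
        if m:
            mtype, control, module, args = m.groups()
            rules.append((mtype.lstrip("-"), control,
                          module.rsplit("/", 1)[-1], args))
    return rules

def lint_daemon_service(text):
    """Return (type, module, reason) findings for a service with no tty."""
    rules = parse_pam(text)
    findings = []
    for mtype, _control, module, _args in rules:
        if module in TTY_MODULES:
            findings.append((mtype, module, "depends on a terminal"))
        if mtype == "auth" and module == "pam_permit.so":
            findings.append((mtype, module, "always succeeds"))
    if not any(r[0] == "auth" for r in rules):
        findings.append(("auth", "", "no auth rule defined"))
    return findings

# Copied from the thread: the /etc/pam.d/login file in the question.
LOGIN_FILE = """#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   /lib/security/pam_radius_auth.so debug
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
session    optional     pam_console.so
"""
# Copied from the thread: the file suggested in the reply.
RADIUSD_FILE = """auth       required     /lib/security/pam_unix.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_permit.so
"""

if __name__ == "__main__":
    for name, text in (("login", LOGIN_FILE), ("radiusd", RADIUSD_FILE)):
        print(name, lint_daemon_service(text) or "no findings")
```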

