anyone??? pls!!! no suggestions at all ? :( Pe 12 Oct 2006, la 12:46, [EMAIL PROTECTED] a scris:
> >Hello! > >I try to authenticate ssh users logins using pam_radius_auth.so. >On my RedHat 9 I have the following setup: >- freeradius server > - users file: > test Auth-Type := Local, User-Password == "test" > > - clients.conf > client 127.0.0.1 { > secret = secret > shortname = localhost > } > >-pam radius module > - cat /etc/pam.d/sshd >#%PAM-1.0 >auth required pam_securetty.so >auth sufficient pam_radius_auth.so debug >auth required /lib/security/pam_unix_auth.so >account required pam_radius_auth.so debug >password required pam_stack.so service=system-auth >session required pam_stack.so service=system-auth >session required pam_limits.so >session optional pam_console.so > -cat /etc/raddb/server > 127.0.0.1 secret 1 > > >- pam_radius_auth.so is copied in /lib/security >-I created linux user test with home directory /home/test , without setting up >a password >- freeradius started with radiusd -X > >Problem is that, when I trie to connect to this machine using ssh, the radius >server receives the request, processes it, sends access-accept, but the ssh >session is ended, without the user being really logged in !!! I don't know the >reason why the user gets rejected... > >tail -f /var/log/secure >Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: DEBUG: >getservbyname(radius, udp) returned 1108551052. >Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: Got RADIUS response >code 2 >Oct 12 11:06:27 D-Server sshd[26585]: pam_radius_auth: authentication succeeded >Oct 12 11:06:27 D-Server sshd[26585]: Accepted password for test from >10.243.30.42 port 2847 ssh2 >Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got user name test >Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Sending RADIUS request >code 1 >Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: DEBUG: >getservbyname(radius, udp) returned 1108551052. >Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: Got RADIUS response >code 2 >Oct 12 11:28:30 D-Server sshd[26590]: pam_radius_auth: authentication succeeded >Oct 12 11:28:30 D-Server sshd[26590]: Accepted password for test from >10.243.30.42 port 2881 ssh2 > >from radiusd -X : >rad_recv: Access-Request packet from host 127.0.0.1:27615, id=253, length=97 > User-Name = "test" > User-Password = "test" > NAS-IP-Address = 127.0.0.1 > NAS-Identifier = "sshd" > NAS-Port = 26590 > NAS-Port-Type = Virtual > Service-Type = Authenticate-Only > Calling-Station-Id = "512wyse83.cosmote.rom" > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "test", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 0 > users: Matched entry test at line 80 > modcall[authorize]: module "files" returns ok for request 0 >modcall: leaving group authorize (returns ok) for request 0 > rad_check_password: Found Auth-Type Local >auth: type Local >auth: user supplied User-Password matches local User-Password >Sending Access-Accept of id 253 to 127.0.0.1 port 27615 >Finished request 0 > >thank you! > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html