J S wrote: > > I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend > that authenticates to an MS AD server. > I'm running into an issue where a user will fail a single login attempt > (one username/password challenge with a bad password) and the ACS will > record 3 attempts from the client (the Solaris 10 server). after a > single attempt (or a valid login with a local password) the 3 fails > bollixes up the AD login attempts and locks the user out. Am I missing a > compile option to only attempt a single RADIUS login per authentication > or do I possible have pam.conf misconfigured. I use sshd-kbdint and > sshd-password with the same results. Otherwise the system works well.
The module will re-send the request if it doesn't get a response from the RADIUS server. Or, if the response is sent from the wrong IP (i.e. the RADIUS server has multiple IP's). Or, if the shared secret is incorrect. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html