That's good to know. What seems odd, though, is that it resends the same request in quick, sub-second succession (based on the RADIUS server logs). This case has a single RADIUS server at a single IP and a single secret that works when the correct password is sent (and only 1 log entry), but a wrong entry is 3 failures.
On 4/24/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
J S wrote: > > I'm running pam_radius 1.3.16 on Solaris 10 using a Cisco ACS backend > that authenticates to an MS AD server. > I'm running into an issue where a user will fail a single login attempt > (one username/password challenge with a bad password) and the ACS will > record 3 attempts from the client (the Solaris 10 server). after a > single attempt (or a valid login with a local password) the 3 fails > bollixes up the AD login attempts and locks the user out. Am I missing a > compile option to only attempt a single RADIUS login per authentication > or do I possible have pam.conf misconfigured. I use sshd-kbdint and > sshd-password with the same results. Otherwise the system works well. The module will re-send the request if it doesn't get a response from the RADIUS server. Or, if the response is sent from the wrong IP (i.e. the RADIUS server has multiple IP's). Or, if the shared secret is incorrect. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
