Let me upgrade my Freeradius and try one more time. On Mon, Jun 13, 2011 at 11:51 PM, Simon Josefsson <[email protected]>wrote:
> Hailu Meng <[email protected]> writes: > > > I found the problem. I comment the account command in pam. After I put > > in-system for account. The user root can authenticate successfully. It > seems > > like I need create all the users in the server to get authentication > > successful. > > Right -- real user accounts need to exist, I have also run into this > issue. If anyone knows how to disable this check in FreeRadius, that > would be great to know. Sometimes it is just a pain to create real user > accounts on the Radius server. > > /Simon > > > On Mon, Jun 13, 2011 at 8:52 AM, Hailu Meng <[email protected]> wrote: > > > >> Hi All, > >> > >> I'm getting there. But went into some problem. I have Freeradius 1.1.3. > I'm > >> testing Radius --> PAM --> OATH. The oath toolkit got executed > successfully > >> and return the "success" message to PAM stack but for some reason > pam_pass > >> failed. Here is the debug from radiusd: > >> > >> rad_recv: Access-Request packet from host 127.0.0.1:53651, id=230, > >> length=56 > >> User-Name = "root" > >> User-Password = "073348" > >> NAS-IP-Address = 255.255.255.255 > >> NAS-Port = 1812 > >> Processing the authorize section of radiusd.conf > >> modcall: entering group authorize for request 2 > >> modcall[authorize]: module "preprocess" returns ok for request 2 > >> modcall[authorize]: module "chap" returns noop for request 2 > >> modcall[authorize]: module "mschap" returns noop for request 2 > >> rlm_realm: No '@' in User-Name = "root", looking up realm NULL > >> rlm_realm: No such realm "NULL" > >> modcall[authorize]: module "suffix" returns noop for request 2 > >> rlm_eap: No EAP-Message, not doing EAP > >> modcall[authorize]: module "eap" returns noop for request 2 > >> users: Matched entry DEFAULT at line 152 > >> modcall[authorize]: module "files" returns ok for request 2 > >> modcall: leaving group authorize (returns ok) for request 2 > >> rad_check_password: Found Auth-Type pam > >> auth: type "PAM" > >> Processing the authenticate section of radiusd.conf > >> modcall: entering group authenticate for request 2 > >> pam_pass: using pamauth string <radiusd> for pam.conf lookup > >> [pam_oath.c:parse_cfg(118)] called. > >> [pam_oath.c:parse_cfg(119)] flags 0 argc 3 > >> [pam_oath.c:parse_cfg(121)] argv[0]=debug > >> [pam_oath.c:parse_cfg(121)] argv[1]=usersfile=/etc/users.oath > >> [pam_oath.c:parse_cfg(121)] argv[2]=window=20 > >> [pam_oath.c:parse_cfg(122)] debug=1 > >> [pam_oath.c:parse_cfg(123)] alwaysok=0 > >> [pam_oath.c:parse_cfg(124)] try_first_pass=0 > >> [pam_oath.c:parse_cfg(125)] use_first_pass=0 > >> [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath > >> [pam_oath.c:parse_cfg(127)] digits=0 > >> [pam_oath.c:parse_cfg(128)] window=20 > >> [pam_oath.c:pam_sm_authenticate(157)] get user returned: root > >> [pam_oath.c:pam_sm_authenticate(232)] conv returned: 073348 > >> [pam_oath.c:pam_sm_authenticate(292)] OTP: 073348 > >> [pam_oath.c:pam_sm_authenticate(305)] authenticate rc 0 (OATH_OK: > >> Successful return) last otp Mon Jun 13 08:32:53 2011 > >> > >> [pam_oath.c:pam_sm_authenticate(327)] done. [Success] > >> pam_pass: function pam_acct_mgmt FAILED for <root>. Reason: > Authentication > >> failure > >> modcall[authenticate]: module "pam" returns reject for request 2 > >> modcall: leaving group authenticate (returns reject) for request 2 > >> auth: Failed to validate the user. > >> Login incorrect: [root] (from client localhost port 1812) > >> > >> Any idea about this? Thanks for your help!! > >> > >> Lou > >> >
