On 02/11/2015 09:38 PM, Cover, Christopher R. CTR wrote: > Our pam_radius module configuration (/etc/raddb/server):
On an Ubuntu 12.04 this file seems to be /etc/pam_radius_auth.conf I guess /etc/raddb/server is correct in your case since pam appears to find the server information. However, it might be useful to check you are configuring the correct file. > xxx.xxx.xxx.150:1645 $3cr3t 3 > xxx.xxx.xxx.151:1645 $3cr3t 3 > Feb 11 13:34:53 client-host sshd[16967]: pam_radius_auth: RADIUS server > xxx.xxx.xxx.150 failed to respond > Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: RADIUS server > xxx.xxx.xxx.151 failed to respond > Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: All RADIUS servers > failed to respond. If the servers fail to respond, I would check the server logs (use Trace 4 for debugging) to see if they are receiving the requests. It may happen that the requests are received by the servers, but they choose not to respond because of a configuration or other problems. I would also check the shared secrets. If the secret is incorrect, any response the server sends back gets ignored because the client must discard the requests with incorrect authenticator. The client may log about this but I do not know if pam radius does. If the secret is incorrect, the server most likely logs about bad passwords too, because it does not have the correct secret to decrypt the User-Password attribute. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator