pam_radius_auth query
Hi,

Please clarify my doubts.

1. Does pam_radius_auth.so support authorization of user accounts?
2. If yes, how can we achieve it? What configurations need to be done? Now pam_radius_auth.c sends authentication requests with the value PW_AUTHENTICATE_ONLY. What value do I need to send? And what configuration do I have to make at the server side to implement authorization?

I am using pam_radius_auth.so for authentication and it is working fine. At the FreeRADIUS server side I am authenticating users using the /etc/password file as database. (I have enabled the unix option in the default file authorization section.)

Thanks and Regards,
VIJAY S.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to set Authentication method priority??
Hi,

1. I have the pam_radius_auth module configured to authenticate the login users. I have configured a FreeRADIUS server on a Linux machine. I want to set the priority for local authentication or RADIUS authentication for SSH. How can I do this?
2. I have created a user called user on the client machine with passwd 123qwe and I have created the same user on the server with password User_12. When the authentication request reached the server it is sending an Access-Accept message back to the client, but the user is not getting access to the machine (SSH).

I have the following configuration in my /etc/pam.d/ssh file:

    auth       sufficient   pam_radius_auth.so debug
    auth       required     pam_nologin.so
    auth       required     pam_unix.so
    auth       required     pam_env.so # [1]
    auth       required     pam_tally.so deny=10 per_user
    account    required     pam_unix.so
    session    required     pam_unix.so
    session    optional     pam_motd.so # [1]
    session    optional     pam_mail.so standard noenv # [1]
    session    required     pam_limits.so
    #password   required     pam_unix.so
    # Alternate strength checking for password. Note that this
    # requires the libpam-cracklib package to be installed.
    # You will need to comment out the password line above and
    # uncomment the next two in order to use this.
    #
    # password required       pam_cracklib.so retry=3 minlen=6 difok=3
    # password required       pam_unix.so use_authtok nullok md5
    password required       pam_cracklib.so retry=3 minlen=8 difok=3 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
    password required       pam_unix.so use_authtok nullok md5 shadow remember=5

Please let me know if I am making any mistake here, and help me to set the priority.

Thanks and Regards,
Vijay S.
How to authorize login users using FreeRadius???
Hello friends,

I am running the pam_radius_auth.so client on one machine and a FreeRADIUS server on the other machine. Authentication is happening fine for the user accounts. I want to give certain privilege levels to each user on the client machine, for example network_admin, security_admin, guest etc. privileges. How can I configure these privilege levels for authorization on the client and server side?

Thanks & Regards,
VIJAY S.
Re: radius authentication support for telnet server.
Thank you very very much Mr. Fajar. After making changes in /etc/pam.d/login it's working. The authentication request is coming to the FreeRADIUS server and authentication is successful. :)

Thanks & Regards,
Vijay S.
radius authentication support for telnet server.
Thank you very very much Mr. Fajar. After making changes in /etc/pam.d/login it's working. The authentication request is coming to the FreeRADIUS server and authentication is successful. :)

I need one more help. Please let me know the configuration file for FTP also. I have created a wu-ftpd file inside /etc/pam.d/ but it is not working.

Thanks & Regards,
Vijay S.
radius authentication support for telnet server.
Hello Friends,

I want to authenticate telnet users using a FreeRADIUS server. I have pam_radius_auth.so and configured it for ssh, which is working fine. For telnet also I have created a file /etc/pam.d/telnet and am trying to authenticate using the FreeRADIUS server, but it is not happening. Kindly let me know how I can authenticate telnet users using FreeRADIUS.

Thanks & Regards,
Vijay S.
Re: radius authentication support for telnet server.
Hi Friends,

I am trying to authenticate telnet users using FreeRADIUS. On my system telnet is running as follows.

    ps -ef | grep xinetd
    root 22737 1 0 10:52 ? 00:00:00 /usr/sbin/xinetd -reuse
    root 22864 18178 0 10:57 pts/1 00:00:00 grep xinetd

I have tried creating telnet and xinetd files in the /etc/pam.d/ folder. I have included

    auth sufficient pam_radius_auth.so debug

in these files. I have added this line to the /etc/pam.d/other file also. I don't have an /etc/pam.d/common-auth file; I think the other file is for the same. But I am not getting the request from the pam_radius_auth.so client to my RADIUS server running on a different machine. When I checked the log files at the client side it shows as below.

    Feb 7 10:53:35 (none) xinetd[22737]: START: telnet pid=22769 from=:::10.1.1.101
    Feb 7 10:53:44 (none) login(pam_unix)[22770]: account user has password changed in future
    Feb 7 10:53:44 (none) login(pam_unix)[22770]: session opened for user user by (uid=0)
    Feb 7 10:53:44 (none) login[22770]: ROOT LOGIN on `pts/4' from `10.1.1.101'

Please let me know how I can authenticate telnet users with the RADIUS server.

Thanks & Regards,
Vijay S.
Radius Client UDP port selection
Hello Friends,

Now the RADIUS client UDP port is selected randomly. Is there a way by which I can tell the server to use a particular UDP port as the client port?

1. Is there a way where I can configure port numbers for client and server?
2. Or if I need to change the code, then in which function do I have to change it?

I want the client UDP port number to be greater than 32767. Kindly help me.

Thanks and Regards,
VIJAY S.
Error connecting Radius server
Hello Friends,

I am getting the following error while authenticating users. The request from pam_radius is reaching the RADIUS server and the server is sending Access-Accept, but the client is not able to receive this message.

    Feb 1 14:25:40 (none) sshd[27321]: pam_radius_auth: Got user name user
    Feb 1 14:25:42 (none) sshd[27321]: pam_radius_auth: Sending RADIUS request code 1
    Feb 1 14:25:42 (none) sshd[27321]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 722322004.
    Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: RADIUS server 19.1.1.2 failed to respond
    Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: DEBUG: get_ipaddr(other-server) returned 0.
    Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: Failed looking up IP address for RADIUS server other-server (errcode=9)
    Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: All RADIUS servers failed to respond.
    Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: authentication failed

Kindly help me to fix this problem.

Thanks and Regards,
VIJAY S.
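The failure pattern in the log above, as an added triage example that is not part of the original post or of pam_radius_auth: it groups pam_radius_auth syslog lines by process and PID and reports, for each server tried, whether the client timed out or could not resolve the name. The function names and the hint wording are assumptions; the sample input is the set of lines quoted in the post.

```python
import re

# Sample input: the auth.log lines quoted in the post above.
SAMPLE_LOG = """\
Feb 1 14:25:40 (none) sshd[27321]: pam_radius_auth: Got user name user
Feb 1 14:25:42 (none) sshd[27321]: pam_radius_auth: Sending RADIUS request code 1
Feb 1 14:25:42 (none) sshd[27321]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 722322004.
Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: RADIUS server 19.1.1.2 failed to respond
Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: DEBUG: get_ipaddr(other-server) returned 0.
Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: Failed looking up IP address for RADIUS server other-server (errcode=9)
Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: All RADIUS servers failed to respond.
Feb 1 14:25:45 (none) sshd[27321]: pam_radius_auth: authentication failed
"""

# Syslog prefix (date, time, host, process[pid]) followed by the module message.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s+"
    r"pam_radius_auth:\s+(?P<msg>.*)$"
)
USER_RE = re.compile(r"Got user name (\S+)")
# Per-server failure messages, anchored at the start of the message body so
# the summary line "All RADIUS servers failed to respond." is not counted.
SERVER_RES = [
    ("timeout", re.compile(r"RADIUS server (\S+) failed to respond")),
    ("lookup", re.compile(r"Failed looking up IP address for RADIUS server (\S+)")),
]
# Hypothetical hint text per failure reason (wording is an assumption).
HINTS = {
    "timeout": "no reply arrived before the timeout; check that UDP replies "
               "from the server can reach this host (routing, packet filters)",
    "lookup": "name did not resolve; fix DNS/hosts or remove the entry from "
              "the pam_radius_auth server file",
}

def parse_sessions(text):
    """Group pam_radius_auth lines by (process, pid) and summarise each login."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a pam_radius_auth line
        key = (m.group("proc"), int(m.group("pid")))
        s = sessions.setdefault(
            key, {"user": None, "servers": [], "outcome": "unknown"})
        msg = m.group("msg")
        user = USER_RE.match(msg)
        if user:
            s["user"] = user.group(1)
        elif msg.startswith("authentication failed"):
            s["outcome"] = "failed"
        else:
            for reason, rx in SERVER_RES:
                hit = rx.match(msg)
                if hit:
                    s["servers"].append((hit.group(1), reason))
    return sessions

def diagnose(session):
    """Return one hint string per server that was tried and failed."""
    return [f"{srv}: {HINTS[reason]}" for srv, reason in session["servers"]]

if __name__ == "__main__":
    for (proc, pid), s in parse_sessions(SAMPLE_LOG).items():
        print(f"{proc}[{pid}] user={s['user']} outcome={s['outcome']}")
        for hint in diagnose(s):
            print("  " + hint)
```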
Re: Freeradius-Users Digest, Vol 69, Issue 104
Thanks for the reply ...

I solved this problem by making some changes in the Makefile. I added the below lines in the Makefile to solve the "Faulty module pam_radius_auth.so" error.

    md5.o: md5.c md5.h
    	$(cc) $(CFLAGS) -c md5.c -o md5.o

On Mon, 31 Jan 2011 17:12:49 , freeradius-users-requ...@lists.freeradius.org wrote

Send Freeradius-Users mailing list submissions to
    freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
    freeradius-users-requ...@lists.freeradius.org

You can reach the person managing the list at
    freeradius-users-ow...@lists.freeradius.org

When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest...

Today's Topics:

  1. Re: Treating octets as string (Alan DeKok)
  2. Faulty module pam_radius_auth.so (vijay s sheelavantar)
  3. Re: Faulty module pam_radius_auth.so (Peter Lambrechtsen)
  4. Exec Module FreeRADIUS Version 2.1.8 (hollman.diaz)
  5. Re: deny access with huntgroups (tragus)
  6. max_requests and db connection and oracle issues? (Omer Faruk SEN)

--

Message: 1
Date: Sun, 30 Jan 2011 17:09:41 +0100
From: Alan DeKok <al...@deployingradius.com>
Subject: Re: Treating octets as string
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Message-ID: <4d458d45.5090...@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1

Brian Candler wrote:
> OK, I've had a go at a patch. You can find it at
> https://github.com/candlerb/freeradius-server/tree/candlerb/string_expansion
>
> Aside: I guess you can't use this if you have an 'octets' value with an
> embedded null. If I set

  That's easy enough to fix, and the server already includes code to handle non-printable characters in a string.

> Also, while doing this I also discovered a bug in the %{integer:...}
> expansion: it will cause freeradius to segfault if the vp is known in the
> dictionary but is not present in the request (radius_get_vp will return true
> but set vp to NULL).  The fix is also in that branch, but I'll post it here
> too:

  Whoops.  That needs fixing, yes.  I've pushed fixes to the git repository.

  Alan DeKok.

--

Message: 2
Date: 31 Jan 2011 01:07:54 -
From: vijay s sheelavantar <s_vija...@rediffmail.com>
Subject: Faulty module pam_radius_auth.so
To: freeradius-users <freeradius-users@lists.freeradius.org>
Message-ID: <20110131010754.9001.qm...@f4mail211.rediffmail.com>
Content-Type: text/plain; charset=utf-8

Hello Friends,

I have compiled pam_radius_auth.so for MIPS architecture. I am linking the libraries as follows.

    $(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so

I tried by linking (-lc) also, but authentication is failing. I have captured the log from /var/log/auth.log, and it says the error as below.

    Jan 31 10:11:10 (none) sshd[25680]: PAM unable to dlopen(/lib/security/pam_radius_auth.so)
    Jan 31 10:11:10 (none) sshd[25680]: PAM [dlerror: /lib/security/pam_radius_auth.so: undefined symbol: pra_MD5Init]
    Jan 31 10:11:10 (none) sshd[25680]: PAM adding faulty module: /lib/security/pam_radius_auth.so

Kindly help me to solve this problem.

Thanks and Regards,
VIJAY S.

-- next part --
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110131/d0e03a41/attachment.html>

--

Message: 3
Date: Mon, 31 Jan 2011 14:50:25 +1300
From: Peter Lambrechtsen <plambrecht...@gmail.com>
Subject: Re: Faulty module pam_radius_auth.so
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Message-ID: <AANLkTinPWP8pZYQtA=gg-7oswjzxnq5nle+sp4fpa...@mail.gmail.com>
Content-Type: text/plain; charset=iso-8859-1

You may have the same problem as we did with how UNIT4 was defined.

http://lists.freeradius.org/pipermail/freeradius-users/2010-September/msg00637.html

In the radius.h

-typedef unsigned long UINT4;
+typedef uint32_t UINT4;

Cheers

Peter

On Mon, Jan 31, 2011 at 2:07 PM, vijay s sheelavantar <s_vija...@rediffmail.com> wrote:
> Hello Friends,
>
> I have compiled pam_radius_auth.so for MIPS architecture. I am linking the
> libraries as follows.
> * $(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so*
> I tried by linking (-lc) also. but authentication is failing. I have
> captured the log from /var/log/auth.log. and it says the error as below
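Review bot: in the radius.h change quoted in Message 3, the added line "+typedef uint32_t UINT4;" depends on uint32_t already being declared, and the two visible lines show no include of <stdint.h> (or <inttypes.h>). Confirm that radius.h, or a header every user of radius.h includes before it, pulls one of those in; otherwise the typedef will not compile on toolchains that do not declare it implicitly. The direction of the change is right for a type named UINT4, since "unsigned long" is 8 bytes rather than 4 on LP64 targets; a short comment next to the typedef saying the type must be exactly 32 bits wide would keep it from being changed back.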
Faulty module pam_radius_auth.so
Hello Friends,

I have compiled pam_radius_auth.so for MIPS architecture. I am linking the libraries as follows.

    $(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so

I tried by linking (-lc) also, but authentication is failing. I have captured the log from /var/log/auth.log, and it says the error as below.

    Jan 31 10:11:10 (none) sshd[25680]: PAM unable to dlopen(/lib/security/pam_radius_auth.so)
    Jan 31 10:11:10 (none) sshd[25680]: PAM [dlerror: /lib/security/pam_radius_auth.so: undefined symbol: pra_MD5Init]
    Jan 31 10:11:10 (none) sshd[25680]: PAM adding faulty module: /lib/security/pam_radius_auth.so

Kindly help me to solve this problem.

Thanks and Regards,
VIJAY S.
Re: Freeradius-Users Digest, Vol 69, Issue 93
Hello Alan,

There was some problem with my firewall. I disabled it, and now it is working fine. Thank you. :)

On Thu, 27 Jan 2011 16:41:20 , freeradius-users-requ...@lists.freeradius.org wrote

Send Freeradius-Users mailing list submissions to
    freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
    freeradius-users-requ...@lists.freeradius.org

You can reach the person managing the list at
    freeradius-users-ow...@lists.freeradius.org

When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest...

Today's Topics:

  1. Re: Python module/program (Terry Simons)
  2. Radius authentication problem. (vijay s sheelavantar)
  3. reset sql counter every 30 minute (piston)
  4. Re: reset sql counter every 30 minute (Bishal Pun)
  5. Re: Radius authentication problem. (Alan Buxey)

--

Message: 1
Date: Wed, 26 Jan 2011 15:06:58 -0800
From: Terry Simons <terry.sim...@gmail.com>
Subject: Re: Python module/program
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Message-ID: <AANLkTi=pjYQ7Uk2QxrHGy4X5z-NRZOrb0NB=uf=cv...@mail.gmail.com>
Content-Type: text/plain; charset=iso-8859-1

Is the python module catching all exceptions? You need to make sure you don't mask out the KeyboardInterrupt exception... otherwise, you may prevent Control-C from being passed up the stack. I'm not sure if that's your issue, but it sounds like it could be.

It's considered a Python best practice to explicitly catch the exact exceptions that you know how to handle, and let exceptions that you're not going to handle directly trickle up.

That is to say that you should never do something like:

    try:
        <some code>
    except:
        <some code>

because you *will* end up masking things like KeyboardInterrupt. You should always do something like:

    try:
        <some code>
    except TheExceptionClass:
        <some code>

HTH,
- Terry

On Wed, Jan 26, 2011 at 2:47 PM, McCann, Brian <bmcc...@andmore.com> wrote:
> Hi all.  I've got freeradius working using a python library for auth, but
> something interesting happened when I did.  When I run radius -X, and
> press CRTL+C, it no longer exits.  It just returns Ready to process
> requests..  The PID doesn't change, so it's not like its exiting and
> restarting.
>
> I looked at http://wiki.freeradius.org/Rlm_perl (yes...I know...perl !=
> python, but as the python page doesn't say much, I'm going on the perl page
> for a starting point) and it doesn't look like the script has to do anything
> to handle exits.  Does anyone know what I'm missing?
>
> Thanks,
> --Brian

-- next part --
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110126/70e696f4/attachment.html>

--

Message: 2
Date: 27 Jan 2011 02:34:05 -
From: vijay s sheelavantar <s_vija...@rediffmail.com>
Subject: Radius authentication problem.
To: freeradius-users <freeradius-users@lists.freeradius.org>
Message-ID: <20110127023405.36957.qm...@f4mail-235-233.rediffmail.com>
Content-Type: text/plain; charset=utf-8

Hello Friends,

I have installed a RADIUS server on one machine which has Fedora 10. I have installed freeradius-server-2.1.10 on it (server machine IP 10.150.110.42). I have one more machine with Red Hat Linux on which I have installed pam_radius-1.3.17 (client machine IP 10.150.113.4). I have done the following configuration at both sides.

SERVER SIDE

users file

    vijay    Auth-Type := Local, Cleartext-Password == 123qwe, NAS-IP-Address == 10.150.113.4
             Reply-Message = Hello, %u

clients.conf

    client 127.0.0.1 {
        secret          = testing123
        shortname       = localhost
        nastype         = other
    }
    client 10.150.113.4/24 {
        secret          = testing123
        shortname       = private-network-1
    }
    client 10.150.110.42/24 {
        secret          = testing123
Radius authentication problem.
Hello Friends,

I have installed a RADIUS server on one machine which has Fedora 10. I have installed freeradius-server-2.1.10 on it (server machine IP 10.150.110.42). I have one more machine with Red Hat Linux on which I have installed pam_radius-1.3.17 (client machine IP 10.150.113.4). I have done the following configuration at both sides.

SERVER SIDE

users file

    vijay    Auth-Type := Local, Cleartext-Password == 123qwe, NAS-IP-Address == 10.150.113.4
             Reply-Message = Hello, %u

clients.conf

    client 127.0.0.1 {
        secret          = testing123
        shortname       = localhost
        nastype         = other
    }
    client 10.150.113.4/24 {
        secret          = testing123
        shortname       = private-network-1
    }
    client 10.150.110.42/24 {
        secret          = testing123
        shortname       = private-network-1
    }

I have not changed anything in radiusd.conf.

CLIENT SIDE

/etc/pam.d/sshd

    auth       sufficient   pam_radius_auth.so

/etc/raddb/server

    # server[:port] shared_secret      timeout (s)
    127.0.0.1       testing123         1
    10.150.110.42   testing123         3
    other-server    other-secret       3

/etc/ssh/sshd_config

    UsePAM yes

Above mentioned is my configuration. When I try to connect to the client with SSH it is not sending a request for authenticating the user to the RADIUS server. Kindly let me know what other configuration I have to do, or if there are any mistakes in my configuration please help to correct it.

Thank you.

Regards,
VIJAY S.
problem installing freeRadius Server
Hello Friends,

I am trying to install FreeRADIUS on an old Linux machine. The configuration is as follows.

    [root@localhost freeradius-server-2.1.10]# uname -a
    Linux localhost.localdomain 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
    [root@localhost freeradius-server-2.1.10]# whereis python
    python: /usr/bin/python2.2 /usr/bin/python /usr/lib/python2.2 /usr/local/bin/python2.7 /usr/local/bin/python2.7-config /usr/local/bin/python /usr/local/lib/python2.7 /usr/include/python2.2 /usr/share/man/man1/python.1.gz
    [root@localhost freeradius-server-2.1.10]#

While compiling the server I get the following errors.

    root/vijay/freeradius-server-2.1.10/src/freeradius-devel/modules.h:12: warning: `used' attribute ignored
    rlm_python.c: In function `python_error':
    rlm_python.c:177: `PyGILState_STATE' undeclared (first use in this function)
    rlm_python.c:177: (Each undeclared identifier is reported only once
    rlm_python.c:177: for each function it appears in.)
    rlm_python.c:177: parse error before __gstate
    rlm_python.c:195: warning: implicit declaration of function `PyGILState_Release'
    rlm_python.c:195: `__gstate' undeclared (first use in this function)
    rlm_python.c: In function `python_init':
    rlm_python.c:215: warning: passing arg 2 of `PyModule_AddIntConstant' discards qualifiers from pointer target type
    rlm_python.c: In function `python_function':
    rlm_python.c:352: `PyGILState_STATE' undeclared (first use in this function)
    rlm_python.c:352: parse error before gstate

By default I had python2.2 installed on my Linux PC under the path /usr/bin/python2.2. In the mailing list somebody replied that a new version of Python is required, so I installed Python 2.7.1, but in /usr/bin I can't see python2.7.1.

Please let me know how I can fix this error and install the RADIUS server successfully. Thank you in advance.

Thanks and Regards,
VIJAY S.