Judd Maltin wrote:
I'm compiling my pam_radius_auth on x86_64 source and getting the
following in my logs:
...
Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT
Another PAM module is butchering the password, before it is sent to
pam_radius_auth. Go fix that.
On Wed, Mar 14, 2012 at 2:24 PM, Alan DeKok al...@deployingradius.com wrote:
Judd Maltin wrote:
I'm compiling my pam_radius_auth on x86_64 source and getting the
following in my logs:
...
Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT
Another PAM module is
vijay s sheelavantar wrote:
1. does pam_radius_auth.so support authorization of user accounts?
What does that mean?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
maxim maxim wrote:
How i can to fix pam_radius_auth for big endian platform?
The module works (or should) on big endian systems. See md5.c for
sparc/mips configuration.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok-2 wrote:
David Ly wrote:
I've been looking into the source code of pam radius, due to
authentication failure without a entry in the local /etc/passwd file,
That's the PAM value add...
Could you explain what PAM value add means/is?
Alan DeKok-2 wrote:
You
David Ly wrote:
I've been looking into the source code of pam radius, due to
authentication failure without a entry in the local /etc/passwd file,
That's the PAM value add...
and i've noticed that;
/|'PAM_SM_ACCOUNT|/ must be *#define*'d prior to including
|security/pam_modules.h|.'
Megan wrote:
Good Day,
I am making an attempt to setup sudo authentication on a Centos 5.2
server to work with pam_radius_auth. I rwant ldap to handle my
regular users (this works already) and I want my privileged users to
authenticate through radius when they use sudo. I put the below in
Florin Andrei wrote:
I attached an updated spec file for pam_radius_auth. The original one
fails when building as non-root. I fixed that and made a few other minor
changes.
The install stage SHOULD set the permissions correctly.
It would be nice if the build system could generate this spec
11:59
To: FreeRadius users mailing list
Subject: RE: PAM_RADIUS_AUTH
Is this compatible with Solaris 10
First time I tried with IP address only, and got the following error.
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth:
Failed looking up IP address for RADIUS server
Sobanbabu Bakthavathsalu wrote:
Hi Alan,
Any thought gone on this?
Why is the plugin unable to resolve the IP address of the RADIUS server, or
trying to resolve an IP to IP?
It's not. It's trying to resolve it's own IP address. Make sure DNS
works, or edit the code to remove all
From: Sobanbabu Bakthavathsalu
Sent: 31 October 2007 10:46
To: FreeRadius users mailing list
Subject: RE: PAM_RADIUS_AUTH
Hi Alan,
First time I tried with IP address only, and got the following error.
Oct 25 19:58:20 ada-delegate1 login: [ID 801593
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Alan DeKok [EMAIL
PROTECTED]
Sent: 30 October 2007 17:28
To: FreeRadius users mailing list
Subject: Re: PAM_RADIUS_AUTH
Sobanbabu Bakthavathsalu wrote:
Thank you for the response. There is no firewall in between the RADIUS
On 10/30/07, Sobanbabu Bakthavathsalu [EMAIL PROTECTED] wrote:
Hi
I am trying install the PAM_RADIUS_AUTH on a Solaris 10 server to use RADIUS
for user authentication.
I have managed to successfully compile and install the pam plugin.
When I tried to telnet to the machine from a different
Soban
From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Nick Owen [EMAIL
PROTECTED]
Sent: 30 October 2007 15:37
To: FreeRadius users mailing list
Subject: Re: PAM_RADIUS_AUTH
On 10/30/07, Sobanbabu Bakthavathsalu [EMAIL PROTECTED] wrote:
Hi
I am
Florin Andrei wrote:
I attached an updated spec file for pam_radius_auth.
No, I didn't. _Now_ I did. :-/
--
Florin Andrei
http://florin.myip.org/
%define name pam_radius_auth
%define shortname pam_radius
%define version 1.3.17
%define release 0
Name: %{name}
Summary: PAM Module for RADIUS
Sobanbabu Bakthavathsalu wrote:
Thank you for the response. There is no firewall in between the RADIUS server
and Solaris server (RADIUS client), only an Cisco router with standard ACL. I
have verified the ACL matches counter and found that the request from the
clinet itself is not reachign
Markus,
Did you get any replies to your post from the 18th about pam_radius_auth
not working, as I am having exactly the same issue.
What I have found out is that the pam_radius_auth module is fine, except
when the user is not in the password file. At this point it would seem that
something
Dan Delaney wrote:
Does anyone know how to change the service type that pam_radius_auth
passes to the server?
Source code modifications.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alan DeKok
Sent: Wednesday, March 21, 2007 2:46 AM
To: FreeRadius users mailing list
Subject: Re: pam_radius_auth
Dan Delaney wrote:
Does anyone know how to change the service type
Mircea Harapu wrote:
I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
ldap
The problem is that radius is sending the password to ldap in clear
and
not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to
Mircea Harapu wrote:
PAP sends the following radius request:
User-Name = Someuser
User-Password = somepassword
HOWEVER, the User-Password field in a radius packet is defined by RFC to
be encrypted with the radius shared secret.
The pam_radius_auth is sending User-Password without beeing
Mircea Harapu [EMAIL PROTECTED] wrote:
The pam_radius_auth is sending User-Password without beeing encrypted .
If you know more about RADIUS than the people on this list, I'm
curious why you're asking questions about it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and
not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to FreeRADIUS in the clear,
because
Mircea Harapu wrote:
I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and
not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to FreeRADIUS in the
Phil Mayers [EMAIL PROTECTED] wrote:
I think Alan, as the main FreeRadius developer, is probably aware of
that feature. He is aware that it does NOT do what you claim.
I'm always amazed at the people who patiently explain to me why I'm
wrong, and why their confused ideas about the server I
Mircea Harapu [EMAIL PROTECTED] wrote:
I'm trying to make a ssh authentication with pam_radius_auth + freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to
On 10/3/05, Alan DeKok [EMAIL PROTECTED] wrote:
Rich Graves [EMAIL PROTECTED] wrote: This setup regularly fails under any sort of concurrency. Threading issues seem one likely reason. pam_radius_auth.c hasn't been touched
in a while an d hasn't had the same attention to thread safety asThe PAM
Rich Graves [EMAIL PROTECTED] wrote:
I know (just barely) enough to agree with that, but want more hints as to
the granularity -- do I need to lock all of pam_sm_authenticate, or just
talk_radius?
I would lock each PAM function.
Ick. Well, with only a single conf-sockfd, there really is no
Rich Graves [EMAIL PROTECTED] wrote:
This setup regularly fails under any sort of concurrency. Threading
issues seem one likely reason. pam_radius_auth.c hasn't been touched
in a while an d hasn't had the same attention to thread safety as
the core freeradius code.
The PAM modules really
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
I would like to know is there any way to increase the debug level on
PAM_RADIUS_AUTH module.
Source code modifications.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can you please tell me which source code to modify?
Thanks
--Original Message--
From: Alan DeKok
To: FreeRadius users mailing list
ReplyTo: FreeRadius users mailing list
Sent: Jun 29, 2005 1:06 PM
Subject: Re: PAM_RADIUS_AUTH
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
I would
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Can you please tell me which source code to modify?
The source code to pam_radius_auth? You did say you wanted more
debugging information from it. Why would you edit the source code to
anything else?
Alan DeKok.
-
List
]
Sent: Wednesday, June 29, 2005 2:04 PM
To: FreeRadius users mailing list
Subject: Re: PAM_RADIUS_AUTH
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Can you please tell me which source code to modify?
The source code to pam_radius_auth? You did say you wanted more
debugging
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
I was able to get the vsftpd working, I can
authenticate but when I go check to the /var/log/messages I see the
following message.
vsftpd[X]: pam_radius_auth: No RADIUS server found in configuration file
/etc/raddb/server
So...
:[EMAIL PROTECTED]
Sent: Tuesday, June 14, 2005 11:16 AM
To: FreeRadius users mailing list
Subject: Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
I was able to get the vsftpd working, I can
authenticate but when I go check to the /var/log
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Here is the content of the pam_radius_auth.conf file and yes it does exist
in /etc/raddb/server folder.
# server[:port] shared_secret timeout (s)
#127.0.0.1 secret 1
IP Address XXX.XXX.XXX.XXX Secret_Key3
, 2005 12:48 PM
To: FreeRadius users mailing list
Subject: Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Here is the content of the pam_radius_auth.conf file and yes it does exist
in /etc/raddb/server folder.
# server[:port] shared_secret
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Here is the full content of the file.
...
IP Address XXX.XXX.XXX.XXX Secret_Key3
That line is NONSENSE. If it's actually in your configuration file,
it WON'T WORK.
You have to list the IP address, not the text IP Address.
-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 14, 2005 2:57 PM
To: FreeRadius users mailing list
Subject: Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote:
Here is the full content of the file.
...
IP Address XXX.XXX.XXX.XXX
Let me answer my own question.. 4 days later I found that my problem was
within the default ld statements in the Makefile. I found a command that
will compile the module successfully on AIX 5L:
Download the Linux Toolset for AIX, then:
To build pam_radius:
- change to the md5.h file.
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 10:41 AM
To: Lam, Eric
Subject: Re: Pam_radius_auth on AIX 5.1
I am able compile the pam_radius_auth.so module after some changes in
the source code. It can talk to my Radius server but the radius server
41 matches
Mail list logo