:
Sorry for inconvenience.
I have enabled flag of mips in md5.c file of pam_radius_auth and my
issue is resolved now.
Ahhh.
https://github.com/FreeRADIUS/pam_radius/commit/c61a218efb2a0ec4f493bcc9fa735306f779ea64
-Arran
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list
On 9 Nov 2012, at 14:07, Deep Shah deep.s...@strixsystems.com wrote:
Hi Arran,
On one another board, still I am getting the same error. Still should I need
to change any other thing?
Apparently MIPS and SPARC CPU's have configurable endianess, so the __sparc and
__mips checks are
On Tue, Oct 30, 2012 at 12:42 PM, Deep Shah deep.s...@strixsystems.com wrote:
Hi,
Thank you for your reply.
Here, radius server is at /usr/local/etc/raddb/ (which is on pc side) and I
have configured and put my client which is at /etc/raddb/server.
When I am getting pam_radius_auth
Sorry for inconvenience.
I have enabled flag of mips in md5.c file of pam_radius_auth and my issue
is resolved now.
Regards,
Deep
On Tue, Oct 30, 2012 at 11:20 AM, Fajar A. Nugraha l...@fajar.net wrote:
On Tue, Oct 30, 2012 at 12:42 PM, Deep Shah deep.s...@strixsystems.com
wrote:
Hi
On 30 Oct 2012, at 14:13, Deep Shah deep.s...@strixsystems.com wrote:
Sorry for inconvenience.
I have enabled flag of mips in md5.c file of pam_radius_auth and my issue is
resolved now.
Ahhh.
https://github.com/FreeRADIUS/pam_radius/commit/c61a218efb2a0ec4f493bcc9fa735306f779ea64
Hi,
I am trying to integrate linux-pam library and pam_radius_auth module to my
busybox 1.17.3 version. I want to login through radius server on the host
machine. I am using power pc as my board. I have configured the files of
configuration as below.
*client.conf* * (conf file)*
client
Hi Alan,
To give some more debug, the below print is what I am getting on client
side. Can you please look in to it?
pam_radius_auth: packet from RADIUS server 192.168.100.19 fails
verification: The shared secret is probably incorrect.
Regards,
Deep
On Mon, Oct 29, 2012 at 6:54 PM, Deep Shah
On Tue, Oct 30, 2012 at 01:14:09AM +0530, Deep Shah wrote:
pam_radius_auth: packet from RADIUS server 192.168.100.19 fails
verification: The shared secret is probably incorrect.
WARNING: Unprintable characters in the password. Double-check the
shared secret on the server and the NAS
On Tue, Oct 30, 2012 at 5:24 AM, Matthew Newton m...@leicester.ac.uk wrote:
On Tue, Oct 30, 2012 at 01:14:09AM +0530, Deep Shah wrote:
pam_radius_auth: packet from RADIUS server 192.168.100.19 fails
verification: The shared secret is probably incorrect.
WARNING: Unprintable characters
Hi Fajar and Mathhew,
Thank you so much for your reply.
I have checked several times that both the keys from pam_radius_auth.conf
and my radius server are same. But then also I am getting these prints.
Please find below my pam_radius_auth.conf file snap shot.
# pam_radius_auth configuration
On Tue, Oct 30, 2012 at 12:14 PM, Deep Shah deep.s...@strixsystems.com wrote:
Please find below my pam_radius_auth.conf file snap shot.
# pam_radius_auth configuration file. Copy to: /etc/raddb/server
Is it in the correct place?
Since your earlier logs says /usr/local/etc/raddb, you might
Hi,
Thank you for your reply.
Here, radius server is at /usr/local/etc/raddb/ (which is on pc side) and I
have configured and put my client which is at /etc/raddb/server.
When I am getting pam_radius_auth: packet from RADIUS server
192.168.100.27 fails verification: The shared secret
Hi,
Thank you for your reply.
Here, radius server is at /usr/local/etc/raddb/ (which is on pc side) and I
have configured and put my client which is at /etc/raddb/server.
When I am getting pam_radius_auth: packet from RADIUS server
192.168.100.27 fails verification: The shared secret
Hi Folks,
I'm compiling my pam_radius_auth on x86_64 source and getting the
following in my logs:
Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Got user name
jmaltin@ip_removed_by_poster
Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Sending RADIUS request code 1
Mar 14 12:57:29 app2
Judd Maltin wrote:
I'm compiling my pam_radius_auth on x86_64 source and getting the
following in my logs:
...
Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT
Another PAM module is butchering the password, before it is sent to
pam_radius_auth. Go fix
On Wed, Mar 14, 2012 at 2:24 PM, Alan DeKok al...@deployingradius.com wrote:
Judd Maltin wrote:
I'm compiling my pam_radius_auth on x86_64 source and getting the
following in my logs:
...
Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT
Another PAM module
Hi Guys,
I'd like to recall this because now I also met this problem.
I also need add Calling-Station-Id to accounting request
But I can't find how the account part in pam radius source code.
Can anyone help to figure it out and tell me which codes I need added in?
hope hearing from you asap.
lth0721 wrote:
I'd like to recall this because now I also met this problem.
I also need add Calling-Station-Id to accounting request
But I can't find how the account part in pam radius source code.
Can anyone help to figure it out and tell me which codes I need added in?
That's a question
vijay s sheelavantar wrote:
1. does pam_radius_auth.so support authorization of user accounts?
What does that mean?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,Please clarify my doubts.
1. does pam_radius_auth.so support authorization of user accounts?nbsp;2. If
Yes how can we achieve it? what configurations need to be done. Now
pam_radius_auth.c sends authentication requests with the
valuenbsp;PW_AUTHENTICATE_ONLY. what value i need to send? and
Peter Lambrechtsen wrote:
Interestingly it seems to have come down to how UINT4 was defined.
Changing in the radius.h UINT4 from being a unsigned long to a unit32_t
seemed to have sorted the problem:
OK. That change should have been made long ago. Any system which
doesn't have uint32_t
Peter Lambrechtsen wrote:
It seems around like 734 in pam_radius_auth.c:
if ((hp = gethostbyname(hostname)) == (struct hostent *) NULL) {
ipaddr = 0x;/* no client IP address */
} else {
ipaddr = ntohl(*(UINT4 *) hp-h_addr); /* use the first one
available */
Interestingly it seems to have come down to how UINT4 was defined.
Changing in the radius.h UINT4 from being a unsigned long to a unit32_t
seemed to have sorted the problem:
---Begin Patch
--- radius.h.orig Fri Sep 24 15:17:05 2010
+++ radius.hWed Sep 29 10:56:36 2010
@@ -36,7
Peter Lambrechtsen wrote:
Hello
I've managed to compile pam_radius-1.3.17 both 32Bit and 64Bit.
I had to add -lsocket as part of linking to get it to work and modified
the make file to have -m64 to compile on 64bit
When I compile it for 64Bit this is my make output:
...
But when I try
On Wed, Sep 22, 2010 at 6:06 PM, Alan DeKok al...@deployingradius.comwrote:
Any suggestions on what to do with gdb or to debug this problem??
$ gdb --args ./pamtester jpam peter authenticate
(gdb) run
(gdb) bt
This is what I get back:
(gdb) run
Starting program:
Peter Lambrechtsen wrote:
This is what I get back:
(gdb) run
Starting program: /usr/local/bin/sparcv9/pamtester jpam peter authenticate
procfs:4337 -- process not stopped.
procfs: ...giving up...
(gdb) bt
procfs: couldn't find pid 7326 (kernel thread 1) in procinfo list.
procfs: couldn't
On Wed, Sep 22, 2010 at 9:55 PM, Alan DeKok al...@deployingradius.comwrote:
Peter Lambrechtsen wrote:
This is what I get back:
(gdb) run
Starting program: /usr/local/bin/sparcv9/pamtester jpam peter
authenticate
procfs:4337 -- process not stopped.
procfs: ...giving up...
(gdb) bt
Hello
I've managed to compile pam_radius-1.3.17 both 32Bit and 64Bit.
I had to add -lsocket as part of linking to get it to work and modified the
make file to have -m64 to compile on 64bit
When I compile it for 64Bit this is my make output:
gcc -Wall -fPIC -m64 -c pam_radius_auth.c -o
Mike J wrote:
I've fixed the x86 module (was using a wrong client config file). So I
have x86 working but don't have the ppc module working.
..
Is this likely the cause of my issue?
Yes. Figure out how to build the MD5 code with the correct endian
definitions. Don't be afraid to
On Fri, Aug 6, 2010 at 12:39 AM, Alan DeKok al...@deployingradius.comwrote:
Mike J wrote:
I've fixed the x86 module (was using a wrong client config file). So I
have x86 working but don't have the ppc module working.
..
Is this likely the cause of my issue?
Yes. Figure out how to
On Tue, Jul 27, 2010 at 1:22 AM, Alan DeKok al...@deployingradius.comwrote:
Mike J wrote:
It is a PPC module. However, since I was having problems with it I
decided to install the PAM module for my x86 workstation (from the
Ubuntu Hardy repository). I'm getting the same results. The
Mike J wrote:
It is a PPC module. However, since I was having problems with it I
decided to install the PAM module for my x86 workstation (from the
Ubuntu Hardy repository). I'm getting the same results. The
client/server talk to each other but the password doesn't seem to be
decrypted when
On Fri, Jul 23, 2010 at 4:54 AM, Alan DeKok al...@deployingradius.comwrote:
Mike J wrote:
Now obviously is says there's a problem with the secret, but I believe
I've setup the secret correctly in the configs I've shown above.
Does anybody have any ideas what I'm doing wrong?
Either the
Mike J wrote:
Now obviously is says there's a problem with the secret, but I believe
I've setup the secret correctly in the configs I've shown above.
Does anybody have any ideas what I'm doing wrong?
Either the password is incorrect, or the MD5 calculations on the PAM
or server side are
pam_radius_auth) I have the following in
/etc/raddb/server:
# server[:port]shared_secret timeout (s)
SERVERIP testing123 4
Now, when I try to authenticate my pam radius client, I get this in the
client logs:
Jul 22 10:22:45 (none) pamtest: pam_radius_auth: Got user name testing
Jul 22 10:22:54
Hello,
I planning on testing pam_radius_auth under Solaris 10 at a client site.
I've copied below the output I get which contains a certain amount of
warnings. I do get the library .so produced, so can these warning be ignored
safely ?
Thanks for any pointers/advice.
Martin
8
Martin Richard wrote:
Hello,
I planning on testing pam_radius_auth under Solaris 10 at a client
site. I've copied below the output I get which contains a certain amount
of warnings. I do get the library .so produced, so can these warning be
ignored safely ?
They are warnings
I try to authenticate on sshd through pam by the pam_radius_auth, my
platform is based on PowerPc(big endian). After changes in md5 file i
accepted authentication is ok on the radius server, but my side of sshd is
failed( i don't succeed to accept the session when i try to connect to sshd
How i can to fix pam_radius_auth for big endian platform?
Thanks, Max
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
maxim maxim wrote:
How i can to fix pam_radius_auth for big endian platform?
The module works (or should) on big endian systems. See md5.c for
sparc/mips configuration.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
file, but only in local
/etc/passwd and /etc/shadow.
With the first example, when FreeRADIUS is up, I can log in as remote-admin,
and the logs shows that pam_radius_auth got clearance from radiusd. I can also
log in as local-admin, no matter if radiusd is up or not (the logs show that
radiusd
with this function.
That worked. Thanks. (make file required some editing, because of gcc i
think)
--
View this message in context:
http://www.nabble.com/pam_radius_auth-v1.3.17-missing-a-definetp20629756p20689780.html
Sent from the FreeRadius - User mailing list archive at Nabble.com
David Ly wrote:
I've been looking into the source code of pam radius, due to
authentication failure without a entry in the local /etc/passwd file,
That's the PAM value add...
and i've noticed that;
/|'PAM_SM_ACCOUNT|/ must be *#define*'d prior to including
|security/pam_modules.h|.'
Hi,
I've been looking into the source code of pam radius, due to
authentication failure without a entry in the local /etc/passwd file,
and i've noticed that;
/|'PAM_SM_ACCOUNT|/ must be *#define*'d prior to including
|security/pam_modules.h|.'
isn't being done.
Was this done on purpose?
Megan wrote:
Good Day,
I am making an attempt to setup sudo authentication on a Centos 5.2
server to work with pam_radius_auth. I rwant ldap to handle my
regular users (this works already) and I want my privileged users to
authenticate through radius when they use sudo. I put the below
Good Day,
I am making an attempt to setup sudo authentication on a Centos 5.2
server to work with pam_radius_auth. I rwant ldap to handle my
regular users (this works already) and I want my privileged users to
authenticate through radius when they use sudo. I put the below in
/etc/pam.d/sudo
Greetings list,
This host is running CentOS 4.3. uname -r output
2.6.9-67.0.4.plus.c4smp. I have tried looking for an already compiled
module for PAM on centos without success, my google-foo is weak apparently.
I downloaded the tar file straight from freeradius.org. When I unpacked and
tried
chase pettet wrote:
This host is running CentOS 4.3. uname -r output
2.6.9-67.0.4.plus.c4smp. I have tried looking for an already
compiled module for PAM on centos without success, my google-foo is
weak apparently. I downloaded the tar file straight from
freeradius.org
Hi,
Is there a way to tell pam_radius_auth to send a value in
Calling-Station-Id?
Source code edits.
I might do that, but...
Is there a way at all to send variables to PAM at all, to be used for
setting Calling-Station-Id within pam_radius_auth?
Source code edits
Stefan Winter wrote:
Source code edits.
... that would be *PAM* source code edits? Yuck. It's not that important.
No.. The pam_radius_auth code could be updated.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
a somewhat sophisticated problem: in a mail server, we'd like to record the IP
address of the client that triggered the IMAP authentication request. The
IMAP server uses PAM, specifically pam_radius_auth.
Is there a way to tell pam_radius_auth to send a value in Calling-Station-Id
Stefan Winter wrote:
Is there a way to tell pam_radius_auth to send a value in Calling-Station-Id?
Source code edits.
Is there a way at all to send variables to PAM at all, to be used for setting
Calling-Station-Id within pam_radius_auth?
Source code edits.
Alan DeKok.
-
List info
Hi Alan,
So fix DNS so that it has a name to IP mapping for that host. Or,
add that name to IP mapping into /etc/hosts.
The module can't do anything if you tell it to use radius1 as a
RADIUS server, and the don't tell it where radius1 is on the network.
We have entry in the
I'm trying to get RADIUS authentication to work on one of our systems,
but keep running into problems. For some reason it seems that the
account system does not allow the user to login, and once the user has
been authenticated, it drops the connection by not allowing sshd to
establish
pam_radius_auth.
I post to the freeradius list because the pam_radius_auth PAM module is
part of the FreeRADIUS project, and there's a great chance that people
on that list have used pam_radius_auth in the past.
If you have any other questions related to where and why I post things,
please take
You have posted a question to the freeradius list and included a debug
from - OpenSSH??? Don't you think that freeradius debug would be more
helpful?
Ivan Kalik
Kalik Informatika ISP
Dana 8/1/2008, Johan Rydberg [EMAIL PROTECTED] piše:
I'm trying to get RADIUS authentication to work on one of
in this regards.
Error we are getting
Jan 8 13:57:27 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth: Fai
led looking up IP address for RADIUS server radius1 (errcode=12)
Jan 8 13:57:27 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth: Fai
led looking up IP address for RADIUS server
Johan Rydberg wrote:
It seems that OpenSSH first tries to authetnicate the user with an
empty password (), because if I set an empty password both in the
local /etc/passwd, and on the RADIUS server, sshd is able to establish
credentials for the user.
PAM does weird things. OpenSSH does
fine. Could you please help in this regards.
Error we are getting
Jan 8 13:57:27 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth:
Fai
led looking up IP address for RADIUS server radius1 (errcode=12)
So fix DNS so that it has a name to IP mapping for that host. Or,
add
Florin Andrei wrote:
I attached an updated spec file for pam_radius_auth. The original one
fails when building as non-root. I fixed that and made a few other minor
changes.
The install stage SHOULD set the permissions correctly.
It would be nice if the build system could generate this spec
11:59
To: FreeRadius users mailing list
Subject: RE: PAM_RADIUS_AUTH
Is this compatible with Solaris 10
First time I tried with IP address only, and got the following error.
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth:
Failed looking up IP address for RADIUS server
Sobanbabu Bakthavathsalu wrote:
Hi Alan,
Any thought gone on this?
Why is the plugin unable to resolve the IP address of the RADIUS server, or
trying to resolve an IP to IP?
It's not. It's trying to resolve it's own IP address. Make sure DNS
works, or edit the code to remove all
Is this compatible with Solaris 10
First time I tried with IP address only, and got the following error.
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth:
Failed looking up IP address for RADIUS server 10.213.31.186 (errcode=12)
Oct 25 19:58:20 ada-delegate1 login
Hi Alan,
First time I tried with IP address only, and got the following error.
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error] pam_radius_auth:
Failed looking up IP address for RADIUS server 10.213.31.186 (errcode=12)
Oct 25 19:58:20 ada-delegate1 login: [ID 801593 auth.error
Hi
I am trying install the PAM_RADIUS_AUTH on a Solaris 10 server to use RADIUS
for user authentication.
I have managed to successfully compile and install the pam plugin.
When I tried to telnet to the machine from a different server I am getting the
following error.
Failed looking up IP
On 10/30/07, Sobanbabu Bakthavathsalu [EMAIL PROTECTED] wrote:
Hi
I am trying install the PAM_RADIUS_AUTH on a Solaris 10 server to use RADIUS
for user authentication.
I have managed to successfully compile and install the pam plugin.
When I tried to telnet to the machine from a different
entries in /etc/hosts file wont work for this, do I need a DNS
server for RADIUS server name authentication to work with pam_radius_auth.
The server in question is not configured for any DNS server for name
resolution, it uses the hosts file only.
Hope this provides more information.
Regards
I attached an updated spec file for pam_radius_auth. The original one
fails when building as non-root. I fixed that and made a few other minor
changes.
It would be nice if the build system could generate this spec file from
a template, automatically replace the version number inside the spec
Florin Andrei wrote:
I attached an updated spec file for pam_radius_auth.
No, I didn't. _Now_ I did. :-/
--
Florin Andrei
http://florin.myip.org/
%define name pam_radius_auth
%define shortname pam_radius
%define version 1.3.17
%define release 0
Name: %{name}
Summary: PAM Module for RADIUS
the router.
Is that host entries in /etc/hosts file wont work for this, do I need a DNS
server for RADIUS server name authentication to work with pam_radius_auth.
No. You *can* enter just an IP address...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Markus,
Did you get any replies to your post from the 18th about pam_radius_auth
not working, as I am having exactly the same issue.
What I have found out is that the pam_radius_auth module is fine, except
when the user is not in the password file. At this point it would seem that
something
Hi all,
I have a problem with pam_radius_auth-module, maybe someone can help me.
The situation:
I am running freeradius 1.1.6 and installed the pam_radius_auth-Module
In the file /etc/pam.d/sshd I inserted the line
Auth required pam_radius_auth.so
like it is described in the docu
Dan Delaney wrote:
Does anyone know how to change the service type that pam_radius_auth
passes to the server?
Source code modifications.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alan DeKok
Sent: Wednesday, March 21, 2007 2:46 AM
To: FreeRadius users mailing list
Subject: Re: pam_radius_auth
Dan Delaney wrote:
Does anyone know how to change the service type
Looking for some help on configuring pam_radius_auth with linux for pop3 and
imap services.
Anyone have any clues?
I currently have my /etc/pam.d/pop3 and imap files showing:
auth sufficient /lib/security/pam_radius_auth.so try_first_pass
accountsufficient /lib/security
Does anyone know how to change the service type that pam_radius_auth passes
to the server?
Currently, it is sending an interactive login, but I need to change it to a
network login.
This is using pam.d on a FC6 system.
Thank you
Dan Delaney
-
List info/subscribe/unsubscribe
Hello,
I found in the archive that pam_radius questions can be asked here so here
is mine:
I am using pam_radius_auth to authenticate and do some accounting against
a freeradius+ldaps server (which works perfectly).
Everything (authorization, authentication and accounting) work perfectly
Christophe Boyanique wrote:
In fact the main problem is if I su to an unprivileged user, no accounting
packet is sent and output displays:
su: pam_radius_auth: Could not open configuration file /etc/raddb/server:
Permission denid
Yes. That file has to be readable by the user
Alan DeKok a écrit :
Yes. That file has to be readable by the user. This is a limitation
of PAM, I think, where the pam_radius_auth module is run as the user.
This is what I thought but I wanted to have a confirmation about that to
be sure.
It's a problem. A solution (a bad one
Hi,
I'm testing Freeradius in order to autenticate squid user trough PAM module.
My architecture is:
SQUID SERVER -- PAM_AUTH_RADIUS -- FREERADIUS -- SQL DB
All work fine but frequently in /var/log/messages I see this message:
Safesquid: pam_radius_auth: radius server
Maurizio Pederneschi wrote:
Hi,
I’m testing Freeradius in order to autenticate squid user trough PAM
module. My architecture is:
SQUID SERVER à PAM_AUTH_RADIUS à FREERADIUS à SQL DB
All work fine but frequently in /var/log/messages I see this message:
*Safesquid: pam_radius_auth: radius
Hello,
I am new to the list and a newbie on RADIUS. My problem is
not directly related to using freeradius, but rather
accessing a RADIUS server via the pam_radius_auth module.
Since this module seems to be supported/maintained under
freeradius, I hope to get some help from the list members
Attualmente non sono in sede. Per richieste urgenti contattare lo 800 919299 o
inviare una mail a [EMAIL PROTECTED] oppure a [EMAIL PROTECTED]
Cordiali Saluti
Giuseppe Parlato
Area Network
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
Mircea Harapu wrote:
I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
ldap
The problem is that radius is sending the password to ldap in clear
and
not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password
Mircea Harapu wrote:
PAP sends the following radius request:
User-Name = Someuser
User-Password = somepassword
HOWEVER, the User-Password field in a radius packet is defined by RFC to
be encrypted with the radius shared secret.
The pam_radius_auth is sending User-Password without beeing
Mircea Harapu [EMAIL PROTECTED] wrote:
The pam_radius_auth is sending User-Password without beeing encrypted .
If you know more about RADIUS than the people on this list, I'm
curious why you're asking questions about it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and
not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to FreeRADIUS in the clear,
because
Mircea Harapu wrote:
I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and
not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to FreeRADIUS
Phil Mayers [EMAIL PROTECTED] wrote:
I think Alan, as the main FreeRadius developer, is probably aware of
that feature. He is aware that it does NOT do what you claim.
I'm always amazed at the people who patiently explain to me why I'm
wrong, and why their confused ideas about the server I
Hello ,
I'm trying to make a ssh authentication with pam_radius_auth + freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and not
crypted with CRYPT as configured in ldap module .
Using :
pam_radius-1.3.16-68
FreeRADIUS Version 1.0.4
---
Mircea Harapu
Abuse
Mircea Harapu [EMAIL PROTECTED] wrote:
I'm trying to make a ssh authentication with pam_radius_auth + freeradius +
ldap
The problem is that radius is sending the password to ldap in clear and not
crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password
This question appears in various forums time and time again though I've yet to
discover a solution for it under linux. It *must* be a common issue
The need exists to map users who are successfully authenticated via
pam_radius_auth and who do not have a local account to a default 'token
The pam_radius_auth README says It allows ... password change
requests. But the USAGE file says Password changing is not
implemented.
That sounds contradictory.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Walter Goulet [EMAIL PROTECTED] wrote:
Quick question regarding pam_radius_auth. Since you have to have a
local account on the client machine using pam_radius_auth to
authenticate ssh sessions, how would you go about adding a realm to
the username portion
Hi,
Quick question regarding pam_radius_auth. Since you have to have a
local account on the client machine using pam_radius_auth to
authenticate ssh sessions, how would you go about adding a realm to
the username portion of the authentication request?
Reason I'm asking is because I'd like to use
Walter Goulet [EMAIL PROTECTED] wrote:
Quick question regarding pam_radius_auth. Since you have to have a
local account on the client machine using pam_radius_auth to
authenticate ssh sessions, how would you go about adding a realm to
the username portion of the authentication request?
Edit
Has anyone seen an issue with Sun SSH and pam_radius_auth where it sends a
RADIUS Access-Request packet appearntly during ssh-connection method none?
Nov 10 23:30:06 aaa01 sshd[8702]: [ID 800047 auth.debug] debug1:
userauth-request for user red service ssh-connection method none
Nov 10 23
On 10/3/05, Alan DeKok [EMAIL PROTECTED] wrote:
Rich Graves [EMAIL PROTECTED] wrote: This setup regularly fails under any sort of concurrency. Threading issues seem one likely reason. pam_radius_auth.c hasn't been touched
in a while an d hasn't had the same attention to thread safety asThe PAM
Rich Graves [EMAIL PROTECTED] wrote:
I know (just barely) enough to agree with that, but want more hints as to
the granularity -- do I need to lock all of pam_sm_authenticate, or just
talk_radius?
I would lock each PAM function.
Ick. Well, with only a single conf-sockfd, there really is no
I've inherited a setup with authentication information on a local
freeradius 1.0.5 server and OpenLDAP (with pthreads) configured to
authenticate to SASL (v1 interface), which in turn uses PAM, which in
turn is configured to check passwords with pam_radius_auth 1.3.16. All
of this is on Linux
1 - 100 of 131 matches
Mail list logo