Hi,

I just updated libreswan to the newest 3.15 from 3.13, but now I can't authenticate the user using XAUTH with pam+radius with the same configuration.


Not sure if it could be some issue with some external lib... I'm using Debian wheezy - I did all the tricks to install with the newest version of nss...

The password sent to radius server has the same value as the username...

Could it be because of the Debian version, or could it be an issue in the new version?


Thanks.



My pam configuration is:

auth required pam_radius_auth.so
account required pam_radius_auth.so
session required pam_radius_auth.so



The respective log when it fails is:

***------ VERSION 3.15 - ERROR

Nov 14 21:45:13 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: Sending Username/Password request (XAUTH_R0)
Nov 14 21:45:13 sol pluto[2605]: XAUTH: User vpnuser: Attempting to login
Nov 14 21:45:13 sol pluto[2605]: XAUTH: pam authentication being called to authenticate user vpnuser
Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Got user name vpnuser
Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Sending RADIUS request code 1
Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: Got RADIUS response code 3
Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: authentication failed
Nov 14 21:45:14 sol pluto[2605]: XAUTH: pam_authenticate failed with 'Authentication failure'
Nov 14 21:45:14 sol pluto[2605]: XAUTH: User vpnuser: Authentication Failed: Incorrect Username or Password
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: Unsupported XAUTH basic attribute XAUTH-STATUS received.
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: Expected MODE_CFG_REPLY is missing username and password attribute
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: Sending Username/Password request (XAUTH_R0)
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: User <unknown>: Authentication Failed (retry 1)




--- radius recv pkt:
(0) Received Access-Request Id 151 from 127.0.0.1:5141 to 127.0.0.1:1812 length 126
(0)   User-Name = "vpnuser"
(0)   User-Password = "vpnuser"
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Identifier = "pluto"
(0)   NAS-Port = 4116
(0)   NAS-Port-Type = Virtual
(0)   Service-Type = Authenticate-Only
(0)   Calling-Station-Id = "188.81.44.230"


****------ VERSION 3.13 -- SUCCESS

Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: Sending XAUTH Login/Password Request
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: Sending Username/Password request (XAUTH_R0)
Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Attempting to login
Nov 14 22:16:26 sol pluto[28470]: XAUTH: pam authentication being called to authenticate user vpnuser
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got user name vpnuser
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Sending RADIUS request code 1
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got RADIUS response code 2
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: authentication succeeded
Nov 14 22:16:26 sol pluto[28470]: XAUTH: PAM_SUCCESS
Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Authentication Successful
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: xauth_inR1(STF_OK)
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established


--- radius recv pkt:
(0) Received Access-Request Id 64 from 127.0.0.1:15519 to 127.0.0.1:1812 length 110
(0)   User-Name = "vpnuser"
(0)   User-Password = "1234test"
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Identifier = "pluto"
(0)   NAS-Port = 14494
(0)   NAS-Port-Type = Virtual
(0)   Service-Type = Authenticate-Only
(0)   Calling-Station-Id = "188.81.44.230"



_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan