There is a bug fix for that in git that will be in 3.16. Please check GitHub for the patch
Sent from my iPhone > On Nov 15, 2015, at 06:26, Antonio Silva <[email protected]> wrote: > > Hi, > > I just update libreswan to newest 3.15 from 3.13 but now i can't authenticate > the user using XAUTH with pam+radius with the came configuration. > > > Not sure if it could be some issue with some external lib... i'm using debian > wheezy - i did all the tricks to install with the newest version of nss... > > The password sent to radius server has the same value as the username... > > Could it be because of Debian version or is could be an issue in the new > version? > > > Thanks. > > > > My pam configuration is: > > auth required pam_radius_auth.so > account required pam_radius_auth.so > session required pam_radius_auth.so > > > > The respective log when it fail is: > > ***------ VERSION 3.15 - ERROR > > Nov 14 21:45:13 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: > Sending Username/Password request (XAUTH_R0) > Nov 14 21:45:13 sol pluto[2605]: XAUTH: User vpnuser: Attempting to login > Nov 14 21:45:13 sol pluto[2605]: XAUTH: pam authentication being called to > authenticate user vpnuser > Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Got user name vpnuser > Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Sending RADIUS request code > 1 > Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: Got RADIUS response code 3 > Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: authentication failed > Nov 14 21:45:14 sol pluto[2605]: XAUTH: pam_authenticate failed with > 'Authentication failure' > Nov 14 21:45:14 sol pluto[2605]: XAUTH: User vpnuser: Authentication Failed: > Incorrect Username or Password > Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: > Unsupported XAUTH basic attribute XAUTH-STATUS received. > Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: Expected > MODE_CFG_REPLY is missing username and password attribute > Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: > Sending Username/Password request (XAUTH_R0) > Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: > User <unknown>: Authentication Failed (retry 1) > > > > > --- radius recv pkt: > (0) Received Access-Request Id 151 from 127.0.0.1:5141 to 127.0.0.1:1812 > length 126 > (0) User-Name = "vpnuser" > (0) User-Password = "vpnuser" > (0) NAS-IP-Address = 127.0.1.1 > (0) NAS-Identifier = "pluto" > (0) NAS-Port = 4116 > (0) NAS-Port-Type = Virtual > (0) Service-Type = Authenticate-Only > (0) Calling-Station-Id = "188.81.44.230" > > > ****------ VERSION 3.13 -- SUCCESS > > Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: > Sending XAUTH Login/Password Request > Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: > Sending Username/Password request (XAUTH_R0) > Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Attempting to login > Nov 14 22:16:26 sol pluto[28470]: XAUTH: pam authentication being called to > authenticate user vpnuser > Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got user name vpnuser > Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Sending RADIUS request > code 1 > Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got RADIUS response code 2 > Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: authentication succeeded > Nov 14 22:16:26 sol pluto[28470]: XAUTH: PAM_SUCCESS > Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Authentication > Successful > Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: > xauth_inR1(STF_OK) > Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: > transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3 > Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: > STATE_MAIN_R3: sent MR3, ISAKMP SA established > > > --- radius recv pkt: > (0) Received Access-Request Id 64 from 127.0.0.1:15519 to 127.0.0.1:1812 > length 110 > (0) User-Name = "vpnuser" > (0) User-Password = "1234test" > (0) NAS-IP-Address = 127.0.1.1 > (0) NAS-Identifier = "pluto" > (0) NAS-Port = 14494 > (0) NAS-Port-Type = Virtual > (0) Service-Type = Authenticate-Only > (0) Calling-Station-Id = "188.81.44.230" > > > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
