On Sun, 15 Nov 2015, Paul Wouters wrote:

Subject: Re: [Swan] Fail to authenticate trough PAM+radius in version 3.15,
    same conf working on 3.13

There is a bug fix for that in git that will be in 3.16. Please check GitHub 
for the patch.

Sent from my iPhone

Now that I'm on a computer I found your commit:

https://github.com/libreswan/libreswan/commit/3f14d347d8218fb5ff00c796948f96f8bfac03b3

Paul

On Nov 15, 2015, at 06:26, Antonio Silva <[email protected]> wrote:

Hi,

I just updated libreswan to the newest 3.15 from 3.13, but now I can't 
authenticate the user using XAUTH with pam+radius with the same configuration.


Not sure if it could be some issue with some external lib... I'm using Debian 
wheezy - I did all the tricks to install with the newest version of nss...

The password sent to radius server has the same value as the username...

Could it be because of the Debian version, or could it be an issue in the new 
version?


Thanks.



My pam configuration is:

auth required pam_radius_auth.so
account required pam_radius_auth.so
session required pam_radius_auth.so



The respective log when it fails is:

***------ VERSION 3.15 - ERROR

Nov 14 21:45:13 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: 
Sending Username/Password request (XAUTH_R0)
Nov 14 21:45:13 sol pluto[2605]: XAUTH: User vpnuser: Attempting to login
Nov 14 21:45:13 sol pluto[2605]: XAUTH: pam authentication being called to 
authenticate user vpnuser
Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Got user name vpnuser
Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Sending RADIUS request code 1
Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: Got RADIUS response code 3
Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: authentication failed
Nov 14 21:45:14 sol pluto[2605]: XAUTH: pam_authenticate failed with 
'Authentication failure'
Nov 14 21:45:14 sol pluto[2605]: XAUTH: User vpnuser: Authentication Failed: 
Incorrect Username or Password
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: 
Unsupported XAUTH basic attribute XAUTH-STATUS received.
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: Expected 
MODE_CFG_REPLY is missing username and password attribute
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: 
Sending Username/Password request (XAUTH_R0)
Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: User 
<unknown>: Authentication Failed (retry 1)




--- radius recv pkt:
(0) Received Access-Request Id 151 from 127.0.0.1:5141 to 127.0.0.1:1812 length 
126
(0)   User-Name = "vpnuser"
(0)   User-Password = "vpnuser"
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Identifier = "pluto"
(0)   NAS-Port = 4116
(0)   NAS-Port-Type = Virtual
(0)   Service-Type = Authenticate-Only
(0)   Calling-Station-Id = "188.81.44.230"


****------ VERSION 3.13 -- SUCCESS

Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: 
Sending XAUTH Login/Password Request
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: 
Sending Username/Password request (XAUTH_R0)
Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Attempting to login
Nov 14 22:16:26 sol pluto[28470]: XAUTH: pam authentication being called to 
authenticate user vpnuser
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got user name vpnuser
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Sending RADIUS request code 1
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got RADIUS response code 2
Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: authentication succeeded
Nov 14 22:16:26 sol pluto[28470]: XAUTH: PAM_SUCCESS
Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Authentication Successful
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: 
xauth_inR1(STF_OK)
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: 
transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established


--- radius recv pkt:
(0) Received Access-Request Id 64 from 127.0.0.1:15519 to 127.0.0.1:1812 length 
110
(0)   User-Name = "vpnuser"
(0)   User-Password = "1234test"
(0)   NAS-IP-Address = 127.0.1.1
(0)   NAS-Identifier = "pluto"
(0)   NAS-Port = 14494
(0)   NAS-Port-Type = Virtual
(0)   Service-Type = Authenticate-Only
(0)   Calling-Station-Id = "188.81.44.230"



_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan