Not currently but maybe it is possible to incorporate this. It seems you have done half the work ? We would need to get the variable content back into pluto and we could use it after storing it in the struct state
Sent from my iPhone > On Mar 24, 2020, at 06:25, António Silva <[email protected]> wrote: > > Hi Paul, > > I’m trying to make it possible to use the frame_ip_address from > pam_radius_auth, right now i set the framed_ip_address as an environment > variable. > Do you thing that libreswan could use this variable and set this IP address > for the authenticate user? > > This is my log: > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0) > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > XAUTH: PAM authentication method requested to authenticate user 'user' > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Got user name user > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: ignore last_pass, > force_prompt set > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Sending RADIUS > request code 1 > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: DEBUG: > get_ipaddr(127.0.0.1) returned 0. > Mar 24 03:46:38 commsmundi radiusd[3081]: (14) Login OK: [user/1234] (from > client nas01 port 13754 cli 192.168.10.188) > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Got RADIUS response > code 2 > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: Set PAM environment > variable : Framed-IP-Address=192.168.20.2 > Mar 24 03:46:38 commsmundi pluto[13754]: pam_radius_auth: authentication > succeeded > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > PAM: #25: completed for user 'user' with status SUCCESSS > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > XAUTH: User user: Authentication Successful > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > XAUTH: xauth_inR1(STF_OK) > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY > cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} > Mar 24 03:46:38 commsmundi pluto[2803]: "tunnel1"[12] 192.168.10.188 #25: > modecfg_inR0(STF_OK) > > > Thanks, > António > > >> On 15 Nov 2015, at 10:49, Paul Wouters <[email protected]> wrote: >> >>> On Fri, 13 Nov 2015, François wrote: >>> >>> Do you think it is possible with a tweak in current PAM authentication (not >>> sure if PAM can send back parameters received by RADIUS), or would it >>> require Libreswan to support RADIUS? >>> >>> Not sure how all this works, but I'm willing to try to make a patch for >>> that if it's not too complex! >> >> I guess it might be possible with pam_radius support? If you can figure >> out those parts, we can help with getting the IP address from the pam >> module back into the connection instance. >> >> Paul >> _______________________________________________ >> Swan mailing list >> [email protected] >> https://lists.libreswan.org/mailman/listinfo/swan >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
