You would need to add the relevant lines from /etc/pam.d/radius (or whatever the filename is for the RADIUS server's PAM configuration) to /etc/pam.d/vnc, or simply set pam_service to the name of the RADIUS server's PAM configuration file.
On 2/24/11 2:44 PM, Sebastiaan Breedveld wrote: > Dear list, > > I am testing the 1.1 pre-beta (2/21/11) 64 bit Linux binary on an Ubuntu > Natty machine. According to previous posts, I start the VNC server as: > ./Xvnc :4 -SecurityTypes=VeNCrypt,Plain -PlainUsers=sebastiaan > pam_service=vnc > > which works fine when connecting with: > ./vncviewer :4 -SecurityTypes=VeNCrypt,Plain > and supplying my credentials. > > Unfortunately, if the password of the user is not stored locally, but > has to be retrieved from a server (a RADIUS server in my case), the > connection fails: > ./Xvnc :4 -SecurityTypes=VeNCrypt,Plain -PlainUsers=sebastiaanRemote > pam_service=vnc > > > /var/log/auth.log simply responds: > Feb 24 21:34:35 uluru01 Xvnc: pam_unix(vnc:auth): authentication > failure; logname= uid=1000 euid=1000 tty= ruser= rhost= > user=sebastiaanRemote > > > Xvnc gives the message: > Thu Feb 24 21:33:44 2011 > Connections: accepted: 10.177.20.2::53817 > SConnection: Client needs protocol version 3.8 > SConnection: Client requests security type VeNCrypt(19) > > Thu Feb 24 21:34:36 2011 > SConnection: AuthFailureException: invalid password or username > Connections: closed: 10.177.20.2::53817 (invalid password or username) > > > My /etc/pam.d/vnc looks like this: > auth [success=2 default=ignore] pam_unix.so nullok_secure > auth sufficient pam_radius_auth.so debug > auth requisite pam_deny.so > auth required pam_permit.so > > account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so > account sufficient pam_radius_auth.so > account requisite pam_deny.so > account required pam_permit.so > > which works fine for other services. I copied this file to a pretty > simple service like chfn (cp /etc/pam.d/vnc /etc/pam.d/chfn) and it > works fine. > > I am not sure where it goes wrong, but I am happy to help looking. > > Sincerely, > Sebastiaan > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > Tigervnc-devel mailing list > Tigervnc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tigervnc-devel ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
