PAM_RADIUS_AUTH.so refuses to work on some machines


Christiaan Ehlers

Hi

 

I have installed pam_radius_auth to work on Redhat 7.3 and it seems to work fine.  I then installed (compiled) it on a Redhat 9 box and it seems to be behaving quite strangely.

 

My pam.d/sshd file looks like this

 

#%PAM-1.0
auth       sufficient   pam_radius_auth.so debug
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    sufficient   pam_radius_auth.so debug
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

 

The session (accounting) part of pam_radius_auth seems to work fine.  I can see packets going to the radius server when I do a tcpdump on the client machine.   This only works when I hash out the first line "auth      sufficient   pam_radius_auth.so debug".

 

 

When the first line is not hashed the authentication kicks in and nothing happens when I enter a username and password.  I set tcpdump to sniff for all packets going to the radius server but there is nothing.

 

My logs look like this.

Jun 20 17:12:01 finpapp01 sshd[6881]: pam_radius_auth: Got user name root
Jun 20 17:12:23 finpapp01 sshd[6887]: pam_radius_auth: Got user name test
Jun 20 17:14:00 finpapp01 sshd[7161]: pam_radius_auth: Got user name test
Jun 20 17:18:14 finpapp01 sshd[7673]: Failed password for test from 172.31.1.101 port 2276
Jun 20 17:18:45 finpapp01 sshd[7780]: Accepted password for root from 172.31.1.101 port 2277
Jun 20 17:18:45 finpapp01 sshd[7780]: pam_radius_auth: DEBUG: getservbyname(radacct, udp) returned 1108551052.
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: RADIUS server 172.31.10.1 failed to respond
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: All RADIUS servers failed to respond.
Jun 20 17:22:26 finpapp01 sshd[8216]: pam_radius_auth: Got user name test
Jun 20 17:24:50 finpapp01 sshd[8541]: pam_radius_auth: Got user name root
Jun 20 17:28:40 finpapp01 sshd[8978]: Accepted password for root from 172.31.1.120 port 1916 ssh2

 

When I try and log into the box, the only info that pam_radius_auth gives to the log is the "Got user name xxxx" message.

 

What would the right syntax be for a strace command to trace this?

 

So far I have recompiled and copied the bin from other machines, but nothing seems to work.

 

Kind Regards

Christiaan Ehlers
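
The symptom in the log excerpt can be triaged per sshd process. The following is an added example, not part of the original post: it groups the posted syslog lines by PID and flags processes where pam_radius_auth logged only "Got user name" and nothing after it. The function name `classify` and the state labels are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Log lines taken from the post above (a subset covering each case).
SAMPLE_LOG = """\
Jun 20 17:12:23 finpapp01 sshd[6887]: pam_radius_auth: Got user name test
Jun 20 17:18:14 finpapp01 sshd[7673]: Failed password for test from 172.31.1.101 port 2276
Jun 20 17:18:45 finpapp01 sshd[7780]: Accepted password for root from 172.31.1.101 port 2277
Jun 20 17:18:45 finpapp01 sshd[7780]: pam_radius_auth: DEBUG: getservbyname(radacct, udp) returned 1108551052.
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: RADIUS server 172.31.10.1 failed to respond
Jun 20 17:18:48 finpapp01 sshd[7780]: pam_radius_auth: All RADIUS servers failed to respond.
Jun 20 17:22:26 finpapp01 sshd[8216]: pam_radius_auth: Got user name test
"""

LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
USER_RE = re.compile(r"pam_radius_auth: Got user name (\S+)")

def classify(log_text):
    """Group sshd lines by PID and label each process (labels are hypothetical).

    stalled      - the module logged the user name and the process logged nothing else
    radius_tried - the module logged a RADIUS server timeout
    no_radius    - sshd logged a result with no pam_radius_auth line at all
    """
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            by_pid[int(m.group("pid"))].append(m.group("msg"))
    report = {}
    for pid, msgs in by_pid.items():
        radius = [m for m in msgs if m.startswith("pam_radius_auth:")]
        users = [USER_RE.match(m).group(1) for m in radius if USER_RE.match(m)]
        if any("failed to respond" in m for m in radius):
            state = "radius_tried"
        elif users and len(msgs) == len(users):
            state = "stalled"
        elif not radius:
            state = "no_radius"
        else:
            state = "other"
        report[pid] = (state, users[0] if users else None)
    return report

if __name__ == "__main__":
    for pid, (state, user) in sorted(classify(SAMPLE_LOG).items()):
        print(pid, state, user)
```
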

