FreeRadius version: 0.9.3 Redhat Linux 9.0
I have installed FreeRadius on my system and to get familiar with it I am attempting to the Unix login program to authenticate using the radius server. In order to this I am using the radius pam module pam_radius_auth. So PAM is the radius client. (All programs are running on the same machine, client and radius server).
Heres what I have in /etc/pam.d/login :
#%PAM-1.0 auth required pam_securetty.so auth sufficient /lib/security/pam_radius_auth.so debug auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so
and in /raddb/users I have the following default line: DEFAULT Auth-Type := System Service-Type = Login-User
I start the radius server as follows:
radiusd -i 127.0.0.1 -X
then in another terminal I execute login and try to login as a normal user. The login program returns with:
Authentication service cannot retrieve authentication info.
Now I check the radius server debugging info and from that side it seems to be authenticating the user fine:
users: Matched DEFAULT at 140
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Accept of id 206 to 127.0.0.1:5735
Service-Type = Login-User
Finished request 0
This problem has me confused. If anyone can shed any light on the matter I would appreciate it. Perhaps the problem lies in the .../pam.d/login configuration?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html