Made a lot of progress on this today.  I decided to use pam_sessionrun
for a POC rather than worry 'bout writing c code for user add/deletes.

It's working somewhat.  pam_auth_radius (and perhaps pam in general, not
sure yet) seems to want the user to exist or it sends crap for the passwd
to radius.

Specifically:

Feb 17 19:21:22 mypocbox sshd[13804]: pam_radius_auth: Sending RADIUS request 
password ^M^?INCORRECT

So what happens is I created a prelogin event to run a useradd script before
it goes to the radius plugin.  This works fine, but then sends crap to radius 
for the passwd.

If I kill that ssh session and try again, works fine since the user has been 
added by the previous session.

Hopefully tomorrow I'll solve that mystery, but if somebody has a clue as to why
pam_radius_auth sends crap to radius if the user doesn't exist on the machine 
that
would be useful information to have for my work tomorrow.

R. Marc

`
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to