Re: Strange problem with pam_radius_auth (SOLVED)
On Thu, Aug 01, 2002 at 06:47:10PM +0600, Dr. Muhammad Masroor Ali wrote: > My problem has been solved by the kind suggestion of Mojahedul Hoque Abul Hasanat > <[EMAIL PROTECTED]>. Direct quote from his mail. > > > > This is a bit wild guess, but might help. Put an "account" line squids > pam config file with pam_permit.so as the module. The line will be > similar to: > > account requiredpam_permit.so > > I have seen some applications that don't seem to need an "account" > section at first glance. But they open a pam session requiring an > account entry. They do it to impose login time restrictions. > > > > > > Greetings, > > I have tried both the kind suggestions of Alan DeKok and Frank Cusack > > without any avail. First of all, the latest version from CVS, did > > improve the situation. And second, putting daemon.debug in syslog.conf > > is not generating anything. The relevant lines I used, > > > > # Daemon debug messages > > daemon.debug/usr/local/var/log/deamondebuglog > > > > Yes, this file exists (created by touch) and I remembered to restart > > syslogd. > > > > I am really frustrated. Any help will be appreciated. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > -- > Nobody's gonna believe that computers are intelligent until they start > coming in late and lying about it. > > Dr. Muhammad Masroor Ali > Associate Professor and Associate Director > Institute of Information and Communication Technology > Bangladesh University of Engineering and Technology > Dhaka-1000, Bangladesh > > Phone: 880 2 966 5650 ext 7245, 7756 (work) > ext 7748 or 880 2 966 5700 (residence) > FAX: 880 2 861 3046, 880 2 861 3026 > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth
Greetings, I have tried both the kind suggestions of Alan DeKok and Frank Cusack without any avail. First of all, the latest version from CVS, did improve the situation. And second, putting daemon.debug in syslog.conf is not generating anything. The relevant lines I used, # Daemon debug messages daemon.debug/usr/local/var/log/deamondebuglog Yes, this file exists (created by touch) and I remembered to restart syslogd. I am really frustrated. Any help will be appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth
On Tue, Jul 30, 2002 at 06:41:56PM +0600, Dr. Muhammad Masroor Ali wrote: > My squid file in pam.d (as was suggested in INSTALL) > > auth required /lib/security/pam_securetty.so > auth sufficient /lib/security/pam_radius_auth.so debug > auth required /lib/security/pam_unix_auth.so Do you have the accounts in /etc/passwd? If not, why is pam_unix_auth there? For this example, it shouldn't matter, as you show that radiusd does send back an access-accept, but let's clean up the config anyway. > There is no indication of a mishap in var/log/messages, (the last lines > are shown here), Did you set daemon.debug to go to /var/log/messages? /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth
"Dr. Muhammad Masroor Ali" <[EMAIL PROTECTED]> wrote: > I am trying to use pam_radius_auth with squid. The authentication > program I am using (pam_auth) for squid works perfectly when I use > system authentication. But when I switch to pam_radius_auth, messages > from radius says the user is being authenticated perfectly, while squid > thinks otherwise. And the messages about what PAM is doing are non-existent, right? PAM has no helpful debugging information, so of course, it's the one denying the user authentication, and there's no way for you to find out why. Grab the latest pam_radius_auth module from CVS: http://www.freeradius.org/development.html It has a patch submitted recently which may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange problem with pam_radius_auth
Greetings, I have spent the last four hours on this problem without any success. I have searched the whole Internet, and done everything conceivable (imaginable) but all else have failed. I am trying to use pam_radius_auth with squid. The authentication program I am using (pam_auth) for squid works perfectly when I use system authentication. But when I switch to pam_radius_auth, messages from radius says the user is being authenticated perfectly, while squid thinks otherwise. My squid file in pam.d (as was suggested in INSTALL) auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_radius_auth.so debug auth required /lib/security/pam_unix_auth.so There is no indication of a mishap in var/log/messages, (the last lines are shown here), Jul 30 18:13:40 iictss squid[4786]: Squid Parent: child process 4788 started See, there is nothing after squid has started. radiusd is being run is debug mode, and the relevant last lines are, rad_recv: Access-Request packet from host 127.0.0.1:5814, id=182, length=78 User-Name = "radtest" User-Password = "\342\031$\227<\002G\202\364\263fSK\003\305~" NAS-IP-Address = 127.0.0.1 NAS-Identifier = "squid" NAS-Port = 4789 NAS-Port-Type = Virtual Service-Type = Authenticate-Only modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: Looking up realm NULL for User-Name = "radtest" rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" modcall: entering group authenticate HASH: user radtest found in hashtable bucket 16015 modcall[authenticate]: module "unix" returns ok modcall: group authenticate returns ok Sending Access-Accept of id 182 to 127.0.0.1:5814 Finished request 10 Going to the next request See that line with Access-Accept!!! I have even tried running squid in debug mode, but nothing is said there. Other relevant informations, RH 7.3, Squid 2.4.STABLE6 freeradius-0.7 pam_radius-1.3.15 Any help will be highly appreciated. Masroor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html