Re: compiling pam radius module
I'm sure this won't surprise anyone, but the problem had nothing to do with radius. I had only entered the radius module in the pam config for ssh, but I had a kerberos config in the system auth pam config. When I enabled debug for the radius module I saw the kerberos realm info being passed in syslog. I entered the pam-radius module in the system-auth config and everything works. -- View this message in context: http://freeradius.1045715.n5.nabble.com/compiling-pam-radius-module-tp4727149p4730628.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
compiling pam radius module
I am trying to get pam radius module to work but the module does not seem to be encrypting properly. When I test using radtest authentication works, but when attempting a pam authentication the password shows as garbage. I have verified that the shared secret I'm using is the same for both configurations. I will post debug logs shortly. -- View this message in context: http://freeradius.1045715.n5.nabble.com/compiling-pam-radius-module-tp4727149p4727149.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: compiling pam radius module
This is the output from the compile. Are the messages here anything to be concerned with? [root@csp pam_radius-1.3.17]# make cc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o pam_radius_auth.c: In function ‘talk_radius’: pam_radius_auth.c:886: warning: pointer targets in passing argument 6 of ‘recvfrom’ differ in signedness pam_radius_auth.c: In function ‘pam_sm_authenticate’: pam_radius_auth.c:1102: warning: assignment from incompatible pointer type cc -Wall -fPIC -c -o md5.o md5.c ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so -- View this message in context: http://freeradius.1045715.n5.nabble.com/compiling-pam-radius-module-tp4727149p4727343.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: compiling pam radius module
g17jimmy wrote: This is the output from the compile. Are the messages here anything to be concerned with? No. [root@csp pam_radius-1.3.17]# make cc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o pam_radius_auth.c: In function ‘talk_radius’: pam_radius_auth.c:886: warning: pointer targets in passing argument 6 of ‘recvfrom’ differ in signedness pam_radius_auth.c: In function ‘pam_sm_authenticate’: pam_radius_auth.c:1102: warning: assignment from incompatible pointer type cc -Wall -fPIC -c -o md5.o md5.c ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so -- View this message in context: http://freeradius.1045715.n5.nabble.com/compiling-pam-radius-module-tp4727149p4727343.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: compiling pam radius module
I didn't think so, just making sure. I'll test more and post the output. -- View this message in context: http://freeradius.1045715.n5.nabble.com/compiling-pam-radius-module-tp4727149p4727533.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: compiling pam radius module
request to realm NULL ++[suffix] returns updated [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [ldap] performing user authorization for rsguser [ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=rsguser) [ldap] expand: dc=remoteservices,dc=CSPKRB - dc=remoteservices,dc=CSPKRB rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as / to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=remoteservices,dc=CSPKRB, with filter (uid=rsguser) [ldap] checking if remote access for rsguser is allowed by dialupAccess [ldap] looking for check items in directory... [ldap] looking for reply items in directory... WARNING: No known good password was found in LDAP. Are you sure that the user is configured correctly? [ldap] user rsguser authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop WARNING: Empty section. Using default return values. Sending Access-Request of id 241 to 192.168.10.108 port 1812 User-Name = rsguser User-Password = \010\n\r\177INCORRECT NAS-IP-Address = 192.168.10.107 NAS-Identifier = sshd NAS-Port = 18542 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = CSID IP ADDRESS -- removed Proxy-State = 0x3631 Proxying request 0 to home server 192.168.10.108 port 1812 Sending Access-Request of id 241 to 192.168.10.108 port 1812 User-Name = rsguser User-Password = \010\n\r\177INCORRECT NAS-IP-Address = 192.168.10.107 NAS-Identifier = sshd NAS-Port = 18542 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = CSID IP ADDRESS -- removed Proxy-State = 0x3631 Going to the next request Waking up in 0.8 seconds. rad_recv: Access-Reject packet from host 192.168.10.108 port 1812, id=241, length=24 Proxy-State = 0x3631 +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop Login incorrect (Home Server says so): [rsguser] (from client 192.168.0.0/16 port 18542 cli [IP ADDRESS -- removed] +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - rsguser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 61 to 192.168.10.109 port 19567 Waking up in 4.7 seconds. Cleaning up request 0 ID 61 with timestamp +2475 Ready to process requests. -- View this message in context: http://freeradius.1045715.n5.nabble.com/compiling-pam-radius-module-tp4727149p4727853.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: compiling pam radius module
Hello, So when do you want to get your goods? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html