Pardon the intrusion,  

I wanted to see if anyone else had been in this situation so I didn't have
to reinvent the wheel if I didn't have to.

Basically I want to pass along all RADIUS authentication to
an RSA SecurID server.  I don't want it to do anything else other than
that.  (Basically because RSA SecurID has a PAM module for Linux, but
several of my servers/network devices are RADIUS only, I want to be able
to use my fobs.)

I have the PAM module talking to the server so I know it works.  Just
confused as to why the Radius Daemon is not chatting to it.

My /etc/pam.d/radiusd looks like...
#PAM-1.0
auth       required     /lib/security/pam_securid.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_userdb.so

The PAM part of the startup (running radiusd -X -A to see debugging info)
Module: Loaded Pam
 pam: pam_auth = "radiusd"
 
Module: Instantiated pam (pam)

Using the radius client off of www.efinesoft.com to see the messages back
and forth.

In my users file I have

DEFAULT Auth-Type:=PAM
        Fall-Through=Yes

When I click send with the username of cjtest it just rejects me
and I don't see a reject or any "garbage" on the RSA server's side
like I do if I mess up the install of OpenSSH pointing to the
securid server.

I get this...
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.xxx.xxx:3035, id=19,
length=28
        User-Name = "cjtest"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: No '@' in User-Name = "cjtest", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched DEFAULT at 75
    users: Matched DEFAULT at 155
    users: Matched DEFAULT at 162
    users: Matched DEFAULT at 221
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request

(75 is the line with DEFAULT Auth-Type:=PAM)

Do you have any pointers on where to look next or if this is even
possible?

Thanks,
-Chris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
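
An added example, not part of the original post: a small Python helper that reads `radiusd -X` output like the trace above and reports which Auth-Type was selected, which users-file lines matched, and which attributes the request carried. The function name `triage`, its `expected_auth_type` parameter and the abridged `SAMPLE` log are assumptions constructed for illustration.

```python
import re

# Constructed sample: abridged from the radiusd -X output quoted in the post.
SAMPLE = '''\
rad_recv: Access-Request packet from host 192.168.xxx.xxx:3035, id=19,
length=28
        User-Name = "cjtest"
modcall: entering group authorize
    users: Matched DEFAULT at 75
    users: Matched DEFAULT at 155
  modcall[authorize]: module "files" returns ok
  rad_check_password:  Found Auth-Type System
modcall: entering group authenticate
rlm_unix: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "unix" returns invalid
auth: Failed to validate the user.
'''

def triage(log, expected_auth_type="PAM"):
    """Summarise one request in radiusd -X output and list what disagrees
    with the intended setup (expected_auth_type is a hypothetical parameter)."""
    attrs, matched, failed, auth_type = {}, [], [], None
    in_packet = False
    for line in log.splitlines():
        if line.startswith("rad_recv:"):
            in_packet = True            # attribute lines of the request follow
        elif line.startswith("modcall:"):
            in_packet = False           # module processing has started
        if in_packet and (m := re.match(r'\s+([\w-]+) = (.*)$', line)):
            attrs[m.group(1)] = m.group(2).strip('"')
        if m := re.search(r'users: Matched (\S+) at (\d+)', line):
            matched.append((m.group(1), int(m.group(2))))
        if m := re.search(r'Found Auth-Type (\S+)', line):
            auth_type = m.group(1)
        if m := re.search(r'modcall\[(\w+)\]: module "([^"]+)" returns (invalid|reject|fail)', line):
            failed.append(m.groups())
    findings = []
    if auth_type != expected_auth_type:
        findings.append(f"Auth-Type {auth_type} was selected, not {expected_auth_type}")
    if "User-Password" not in attrs:
        findings.append("request carries no User-Password attribute")
    return {"attrs": attrs, "matched": matched, "auth_type": auth_type,
            "failed": failed, "findings": findings}

if __name__ == "__main__":
    for finding in triage(SAMPLE)["findings"]:
        print(finding)
```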