Hello list,

I hope it's ok to submit a question regarding the pam_radius_auth PAM module 
as there seems to be no separate mailing list for it.

I'm trying to use pam_radius_auth PAM module on a Debian (Sarge) system to 
authenticate users to a Vasco radius server using their digipass tokens. The 
version that I have installed is the stock Debian version, 1.3.16-2. As far 
as I can see on the site, that's the most recent version.
When I try to authenticate, the following happens:

In the request:
 t:User Name(1): l:6, Value:"BOFH"
 t:User Password(2) l:18, value:<some_hash>
 t:NAS IP Address(4) l:6, Value:127.0.0.1
 t:NAS identifier(32) l:22, Value:"FIXME_test"
 t:NAS Port(5) l:6, Value:16333
 t:NAS Port Type(61) l:6, Value:Virtual(5)
 t:Service Type(6) l:6, Value:Authenticate Only(8)
 t:Calling Station Id(31) l:14, Value:"10.100.1.149"

In the answer:
 t:Reply Message(18) l:50, Value:"Request denied - failed to obtain client details"


I'm a bit confused by the 'NAS IP Address' being 127.0.0.1, the loopback 
interface. In the RFC I read that the 'NAS IP Address', and I quote: "Should 
be unique to the NAS within the scope of the RADIUS server". I'm no native 
speaker, but it seems that this should be a unique value per host in the 
client list of the server, and thus not the loopback address but the 'real' 
ip address.
Since the RFC goes on to say that the source address of the request and not 
this value should be used to select the secret, that only strengthens my 
belief that this value should be the ip address of the machine.

Is there a way I can make the module send out the IP address? Is this OS 
related? The reason I'm asking this is because I tried to set up the 
mod-auth-radius apache module (another freeradius spinoff) since it supports 
the AuthRadiusBindAddress parameter that lets you specify the address to use 
for sending the requests.
However, after setting this parameter, requests were still sent out (by 
apache) with the loopback address, and I got the same error.

I realize this is only partly related to freeradius as we're not using the 
server (we're using vasco since we have their digipass tokens). However, I 
could really use some help here, and so far, Google let me down.

If I'm completely off-topic, allow me to apologize.

Kind regards,

joost

PS: On the freeradius web site, when you go to 'related topics' the 'download' 
and 'mailing list' links on the top of the page are broken; they are relative 
from the 'related' directory and they shouldn't be.

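The check discussed in the message above, as an added example that is not part of the original post and is not code from pam_radius_auth or any RADIUS server: it decodes the attributes of an Access-Request using the RFC 2865 layout (20-byte header, then type/length/value attributes) and compares NAS-IP-Address with the address the request arrived from. The function names, the sample packet and the source address 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

# Attribute type numbers from RFC 2865, as they appear in the trace in the post.
USER_NAME, NAS_IP_ADDRESS, NAS_IDENTIFIER = 1, 4, 32

def build_access_request(attrs, ident=1):
    """Encode a constructed Access-Request (code 1) from (type, bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    # The request authenticator is 16 octets; zeros here because this is sample data.
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return {type: [value, ...]} after validating the header and TLV lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def check_nas_ip(packet, source_ip):
    """Classify NAS-IP-Address against the source address of the datagram."""
    values = parse_attributes(packet).get(NAS_IP_ADDRESS)
    if not values:
        return "absent"
    if len(values[0]) != 4:
        raise ValueError("NAS-IP-Address must be 4 octets")
    nas_ip = ipaddress.IPv4Address(values[0])
    if nas_ip.is_loopback:
        return "loopback"
    return "match" if nas_ip == ipaddress.IPv4Address(source_ip) else "mismatch"

# Constructed sample mirroring the request in the post (password attribute omitted).
SAMPLE = build_access_request([
    (USER_NAME, b"BOFH"),
    (NAS_IP_ADDRESS, ipaddress.IPv4Address("127.0.0.1").packed),
    (NAS_IDENTIFIER, b"FIXME_test"),
])
print(check_nas_ip(SAMPLE, "192.0.2.10"))
```

Run against a real capture, `packet` is the UDP payload of the Access-Request and `source_ip` is the address the server saw the datagram come from.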