RE:How to get PAM to use RADIUS to authenticate a user?

Wed, 19 May 2004 05:26:10 -0700


Message: 4
Date: Wed, 19 May 2004 10:05:36 +0100
From: Maqbool Hashim <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: How to get PAM to use RADIUS to authenticate a user?
Reply-To: [EMAIL PROTECTED]



FreeRadius version: 0.9.3
Redhat Linux 9.0

I have installed FreeRadius on my system and to get familiar with it I
am attempting to the Unix login program to authenticate using the radius
server. In order to this I am using the radius pam module
pam_radius_auth. So PAM is the radius client. (All programs are
running on the same machine, client and radius server).

Heres what I have in /etc/pam.d/login :

#%PAM-1.0
auth required pam_securetty.so
auth sufficient /lib/security/pam_radius_auth.so debug
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

and in /raddb/users I have the following default line:
DEFAULT Auth-Type := System
Service-Type = Login-User

I start the radius server as follows:

radiusd -i 127.0.0.1 -X

then in another terminal I execute login and try to login as a normal
user. The login program returns with:

Authentication service cannot retrieve authentication info.

Now I check the radius server debugging info and from that side it seems
to be authenticating the user fine:
users: Matched DEFAULT at 140
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate for request 0
modcall[authenticate]: module "unix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Accept of id 206 to 127.0.0.1:5735
Service-Type = Login-User
Finished request 0


This problem has me confused. If anyone can shed any light on the
matter I would appreciate it. Perhaps the problem lies in the
.../pam.d/login configuration?



Y ou just ahve to put Auth-Type := pam in the users file


=================
Déborah Malka

Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail

Dialoguez en direct avec vos amis grâce à Yahoo! Messenger !

Reply via email to