Would somebody help me to resolve a PAM TACACS+ problem?
I run RedHat Linux on both client and server platforms.
Client:
1. I compiled and installed Linux-PAM-0.72 on the T+ client machine.
2. The PAM TACACS+ module has been compiled from pam_tacplus-1.2.9 and installed in
/lib/security/pam_tacplus.so
3. PAM configuration file is located in
/etc/pam.d/tacacs
auth required /lib/security/pam_tacplus.so debug server=xxx.xxx.xxx.xxx first_hit
account required /lib/security/pam_tacplus.so debug server=xxx.xxx.xxx.xxx service=ppp protocol=lcp
4. I run check_user from Linux-PAM-0.72/examples as a T+ client
Server:
5. T+ server runs tac_plus.F4.0.3.alpha software.
From the log file attached below you can see the T+ server rejected the T+ client request.
1.
2.
tb.authen_type= TAC_PLUS_AUTHEN_TYPE_PAP;
The TAC_PLUS_AUTHEN_TYPE_ASCII request has not been implemented. Is there any particular reason for that?
3.
4.
Thank you for your help. Have a happy New Year,
Leon
Thu Dec 21 19:59:06 2000 [9175]: session request from xxx.xxx.xxx.xxx sock=1
Thu Dec 21 19:59:06 2000 [9175]: forked 9179
Thu Dec 21 19:59:06 2000 [9179]: Waiting for packet
Thu Dec 21 19:59:06 2000 [9179]: Read AUTHEN/START size=36
Thu Dec 21 19:59:06 2000 [9179]: validation request from xxx.xxx.xxx.xxx
Thu Dec 21 19:59:06 2000 [9179]: PACKET: key=<NULL>
Thu Dec 21 19:59:06 2000 [9179]: version 193 (0xc1), type 1, seq no 1, encryption 1
Thu Dec 21 19:59:06 2000 [9179]: session_id 0 (0x0), Data length 24 (0x18)
Thu Dec 21 19:59:06 2000 [9179]: End header
Thu Dec 21 19:59:06 2000 [9179]: Packet body hex dump:
Thu Dec 21 19:59:06 2000 [9179]: 0x1 0x0 0x2 0x3 0x7 0x5 0x0 0x4 0x74 0x61 0x63 0x6f 0x6e 0x6c 0x79 0x74 0x74
Thu Dec 21 19:59:06 2000 [9179]: 0x79 0x53 0x30 0x74 0x65 0x73 0x74
Thu Dec 21 19:59:06 2000 [9179]: type=AUTHEN/START, priv_lvl = 0
Thu Dec 21 19:59:06 2000 [9179]: action=login
Thu Dec 21 19:59:06 2000 [9179]: authen_type=pap
Thu Dec 21 19:59:06 2000 [9179]: service=ppp
Thu Dec 21 19:59:06 2000 [9179]: user_len=7 port_len=5 (0x5), rem_addr_len=0 (0x0)
Thu Dec 21 19:59:06 2000 [9179]: data_len=4
Thu Dec 21 19:59:06 2000 [9179]: User:
Thu Dec 21 19:59:06 2000 [9179]: taconly
Thu Dec 21 19:59:06 2000 [9179]: port:
Thu Dec 21 19:59:06 2000 [9179]: ttyS0
Thu Dec 21 19:59:06 2000 [9179]: rem_addr:
Thu Dec 21 19:59:06 2000 [9179]: data:
Thu Dec 21 19:59:06 2000 [9179]: test
Thu Dec 21 19:59:06 2000 [9179]: End packet
Thu Dec 21 19:59:06 2000 [9179]: ** authen()
Thu Dec 21 19:59:06 2000 [9179]: ** do_start()
Thu Dec 21 19:59:06 2000 [9179]: Authen Start request
Thu Dec 21 19:59:06 2000 [9179]: ** choose()
Thu Dec 21 19:59:06 2000 [9179]: ** choose_authen()
Thu Dec 21 19:59:06 2000 [9179]: ** choose_login()
Thu Dec 21 19:59:06 2000 [9179]: TAC_PLUS_AUTHEN_TYPE_PAP type->authen_func = default_fn
Thu Dec 21 19:59:06 2000 [9179]: choose_authen chose default_fn
Thu Dec 21 19:59:06 2000 [9179]: ** authenticate()
Thu Dec 21 19:59:06 2000 [9179]: Calling authentication function
Thu Dec 21 19:59:06 2000 [9179]: ** default_fn()
Thu Dec 21 19:59:06 2000 [9179]: ** pap_verify()
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_value: name=taconly isuser=1 attr=pap rec=1
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_value: recurse group = admin
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_value: recurse group = staff
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_pvalue: returns NULL
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_value: name=taconly isuser=1 attr=global rec=1
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_value: recurse group = admin
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_value: recurse group = staff
Thu Dec 21 19:59:06 2000 [9179]: cfg_get_pvalue: returns NULL
Thu Dec 21 19:59:06 2000 [9179]: pap-login query for 'taconly' ttyS0 from xxx.xxx.xxx.xxx rejected
Thu Dec 21 19:59:06 2000 [9179]: Writing AUTHEN/FAIL size=18
Thu Dec 21 19:59:06 2000 [9179]: PACKET: key=<NULL>
Thu Dec 21 19:59:06 2000 [9179]: version 193 (0xc1), type 1, seq no 2, encryption 1
Thu Dec 21 19:59:06 2000 [9179]: session_id 0 (0x0), Data length 6 (0x6)
Thu Dec 21 19:59:06 2000 [9179]: End header
Thu Dec 21 19:59:06 2000 [9179]: Packet body hex dump:
Thu Dec 21 19:59:06 2000 [9179]: 0x2 0x0 0x0 0x0 0x0 0x0
Thu Dec 21 19:59:06 2000 [9179]: type=AUTHEN status=2 (AUTHEN/FAIL) flags=0x0
Thu Dec 21 19:59:06 2000 [9179]: msg_len=0, data_len=0
Thu Dec 21 19:59:06 2000 [9179]: msg:
Thu Dec 21 19:59:06 2000 [9179]: data:
Thu Dec 21 19:59:06 2000 [9179]: End packet
Thu Dec 21 19:59:06 2000 [9179]: exit status=0
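
Added example (not part of the original post, nor code from tac_plus or pam_tacplus): a Python decoder for the AUTHEN/START body dumped in the log above, using the field layout from RFC 8907, plus a check for a PAP password travelling in an unobfuscated body. `DUMP` is copied from the two hex-dump lines; reading the logged "encryption 1" as the header flags byte (0x01 = body not obfuscated) is an assumption.

```python
import struct

# Copied from the two "Packet body hex dump" lines of the AUTHEN/START packet above.
DUMP = """0x1 0x0 0x2 0x3 0x7 0x5 0x0 0x4 0x74 0x61 0x63 0x6f 0x6e 0x6c 0x79 0x74 0x74
0x79 0x53 0x30 0x74 0x65 0x73 0x74"""
HEADER_FLAGS = 1  # assumption: the "encryption 1" value logged for the header

# Value names from RFC 8907 section 5.1 (deprecated values omitted).
ACTIONS = {1: "login", 2: "chpass", 4: "sendauth"}
AUTHEN_TYPES = {1: "ascii", 2: "pap", 3: "chap", 5: "mschap", 6: "mschapv2"}
SERVICES = {0: "none", 1: "login", 2: "enable", 3: "ppp", 5: "pt",
            6: "rcmd", 7: "x25", 8: "nasi", 9: "fwproxy"}
UNENCRYPTED_FLAG = 0x01  # RFC 8907: body is not obfuscated with the shared key


def dump_to_bytes(text):
    """Turn tac_plus-style '0x74 0x61 ...' tokens into bytes."""
    return bytes(int(tok, 16) for tok in text.split())


def parse_authen_start(body):
    """Decode an AUTHEN/START body: 8 fixed bytes, then four variable fields."""
    if len(body) < 8:
        raise ValueError("body shorter than the 8-byte fixed part")
    action, priv, atype, svc, ulen, plen, rlen, dlen = struct.unpack("8B", body[:8])
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("length fields do not add up to the body size")
    out = {"action": ACTIONS.get(action, action), "priv_lvl": priv,
           "authen_type": AUTHEN_TYPES.get(atype, atype),
           "service": SERVICES.get(svc, svc)}
    off = 8
    for name, n in (("user", ulen), ("port", plen), ("rem_addr", rlen), ("data", dlen)):
        out[name] = body[off:off + n]
        off += n
    return out


def pap_password_in_clear(flags, start):
    """True when a PAP START carries its password in an unobfuscated body."""
    return bool(flags & UNENCRYPTED_FLAG) and start["authen_type"] == "pap" \
        and len(start["data"]) > 0


if __name__ == "__main__":
    start = parse_authen_start(dump_to_bytes(DUMP))
    print(start)
    print("PAP password sent in clear:", pap_password_in_clear(HEADER_FLAGS, start))
```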