> Joe
> As I said:
> Also I know that this machine can
>> establish radius connection (udp/1812) to the
>> radius server. I tried it using nc command.

Sorry about that. Sometimes I read WAY too quickly.

> Using nc command I could establish udp connection to
> 1812 port and the firewall permits the connection.
> It's not a network problem :(

Okay. After the module prints "Got user name %s", it calls a function initialize(). This function gets the IP address of the host to contact for the radius information. If it returns any PAM_* errors, the module will quit right there. However, if it continues on, there is the next step of checking for the service name or the client_id - if both of those fail, the module will quit.

At this point, an open socket should be connected to the Radius server, and the module sets up the Radius packet. But it won't quit here. It grabs the password, and then determines if it fails. If it does not, you should see a debug message stating "Got password %s".

So, in this process, there are actually a multitude of ways that this could be "malfunctioning". If it can't find the /etc/raddb/servers file, it will complain and log it. So, obviously, you DO have the file and it is in the right place. In addition, in the initialize function, it checks for server configs, and that is working fine. Then it opens the socket. If it fails to open the socket, IT SHOULD PRINT A LOG LINE.

Now, I would suggest that you dump a couple of

    _pam_log(LOG_ERR, "Failed to open RADIUS socket: %s\n", strerror(errno));

lines throughout the code, primarily AFTER the initialize function exits, and then throughout the initialize function itself. This should help you pinpoint exactly what process is causing the problem.

The other option is to run 'gdb' on it (attach it to the process after it is started). Try doing it in the "su" service, so that you can do most of the leg work on the command line. Then you can step through the process to figure out what is going on.

Some time between printing "Got user name" and the next print functions, the module is doing something wrong.

Let me know what you find.

Joe

> Joe
> As I said:
> Also I know that this machine can
>> establish radius connection (udp/1812) to the
>> radius server. I tried it using nc command.
>
> Using nc command I could establish udp connection to
> 1812 port and the firewall permits the connection.
> It's not a network problem :(
>
> --Fatemeh
>
> --- Joe Lewis <joe@xxxxxxxxxxxxx> wrote:
>> Have you run network checks to ensure that ports are
>> being opened? You might have a firewall on the sending
>> side, the receiving side, or somewhere in between that
>> is causing problems. Telnet on the radius port and
>> verify that you can get a connection.
>>
>> Joe
>>
>> > Dear All,
>> > I did install cyrus imapd 2.2.3 on redhat
>> > enterprise 3. Now I want to authenticate users through a
>> > radius server. I have done it previously on redhat 7.1
>> > and it works fine. But now pam_radius does not send the
>> > request to the radius server.
>> > Maybe here is not the proper place to ask this, but I
>> > thought you might have such experience.
>> >
>> > I have:
>> > --sasl_passwd_check=saslauthd sasl_mech_list=PLAIN
>> > --in /etc/pam.d/pop I have
>> > auth required /lib/security/pam_radius_auth.so debug
>> > --and have configured
>> > /etc/raddb/server too and the permission is 755.
>> > --Also /lib/security/pam_radius_auth.so is
>> > available too. (pam_radius 1.3.16) I ran saslauthd with
>> > -a pam, it gets the username but there
>> > is no sign of sending the request to radius server.
>> >
>> > log:
>> > saslauthd[2859]: rel_accept_lock : released accept lock
>> > May22 saslauthd[2860]: get_accept_lock : acquired accept lock
>> > May 2212:06:56 test saslauthd[2859]: pam_radius_auth: Got user name fatemehand
>> >
>> > nothing about sending request is found in log.
>> >
>> > With my tests I know that pam_radius_auth does read
>> > the /etc/radd/server but does not send any request to
>> > radius server. Also I know that this machine can
>> > establish radius connection (udp/1812) to the
>> > radius server. I tried it using nc command. Any
>> > comment is really appreciated.
>> >
>> > Please help.
>> > Thanks F. Taj
>> > P.S, I have asked it in cyrus imapd and cyrus sasl
>> > list too but no answer :(
>> >
>> > _______________________________________________
>> > Pam-list@xxxxxxxxxx
>> > https://www.redhat.com/mailman/listinfo/pam-list
>>
>> Joe Lewis

Joe Lewis
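
Added example (not part of the original thread and not pam_radius_auth code): a small log triage helper that applies the walkthrough above to syslog output and reports, per process, which stage the module reached. The syslog line shape, the function name last_stage and the sample lines are assumptions made for illustration; the "Failed to open RADIUS socket" marker only appears if the suggested _pam_log() line has been added to the module.

```python
import re

# Markers in the order the reply's walkthrough reaches them. USER and PASSWORD
# are the module debug messages quoted in the thread; SOCKET_FAIL is the extra
# _pam_log() line the reply suggests adding, so it exists only in a patched build.
USER = "Got user name"
SOCKET_FAIL = "Failed to open RADIUS socket"
PASSWORD = "Got password"

# Assumed syslog shape: "<timestamp> <host> <proc>[<pid>]: pam_radius_auth: <msg>"
LINE_RE = re.compile(r"[\w.-]+\[(?P<pid>\d+)\]:\s+pam_radius_auth:\s+(?P<msg>.*)")

def last_stage(log_lines):
    """Map each PID that logged a pam_radius_auth line to the stage it reached."""
    seen = {}
    for line in log_lines:
        m = LINE_RE.search(line)
        if m:
            seen.setdefault(m.group("pid"), []).append(m.group("msg"))
    verdicts = {}
    for pid, msgs in seen.items():
        if any(SOCKET_FAIL in s for s in msgs):
            verdicts[pid] = "socket open failed"
        elif any(PASSWORD in s for s in msgs):
            verdicts[pid] = "reached password step"
        elif any(USER in s for s in msgs):
            # Per the walkthrough: initialize() returned a PAM_* error, the
            # service name / client_id check failed, or the socket step broke.
            verdicts[pid] = "stopped after user name"
        else:
            verdicts[pid] = "no user name logged"
    return verdicts

# Constructed sample lines (placeholder host, PIDs and user; not from the thread).
SAMPLE = [
    "May 22 12:06:56 test saslauthd[2859]: pam_radius_auth: Got user name alice",
    "May 22 12:06:57 test saslauthd[2860]: get_accept_lock : acquired accept lock",
    "May 22 12:07:01 test su[3001]: pam_radius_auth: Got user name alice",
    "May 22 12:07:01 test su[3001]: pam_radius_auth: Got password (redacted)",
    "May 22 12:07:09 test su[3002]: pam_radius_auth: Got user name alice",
    "May 22 12:07:09 test su[3002]: pam_radius_auth: Failed to open RADIUS socket: Permission denied",
]

if __name__ == "__main__":
    for pid, verdict in last_stage(SAMPLE).items():
        print(pid, verdict)
```

A PID reported as "stopped after user name" matches the symptom in this thread and points at the steps between the two debug messages.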