Are you getting the
ERROR reading %s, line %d:
Could not read hostname or secret\n"
Line? You have that just inside of an if () block, but nothing in the
"else" side of things. We may be getting somewhere :) .
Put another log line in the "else" section printing the hostname, the
secret, and the timeout just to verify that it is reading the line in
your config file properly. We're getting close!
Joe
Fatemeh Taj wrote:
Joe,
I did what you said, it seems that there is a
non-ending while loop here (for me) and the last error
I see is what I have printed below (socket23). It gets
the username and goes to this loop and never comes out
to get the password.
Can you help me?
Thanks
Fatemeh Taj
while (!feof(fserver) &&
(fgets (buffer, sizeof(buffer), fserver) !=
(char*) NULL) &&
(!ferror(fserver))) {
line++;
p = buffer;
/*
* Skip blank lines and whitespace
*/
while (*p &&
((*p == ' ') || (*p == '\t') ||
(*p == '\r') || (*p == '\n'))) p++;
/*
* Nothing, or just a comment. Ignore the line.
*/
if ((!*p) || (*p == '#')) {
continue;
}
timeout = 3;
if (sscanf(p, "%s %s %d", hostname, secret,
&timeout) < 2) {
_pam_log(LOG_ERR, "ERROR reading %s, line %d:
Could not read hostname or secret\n",
conf_file, line);
continue; /* invalid line */
} else { /* read it in and save
the data */
radius_server_t *tmp;
tmp = malloc(sizeof(radius_server_t));
if (server) {
server->next = tmp;
server = server->next;
} else {
conf->server = tmp;
server= tmp; /* first time */
}
/* sometime later do memory checks here */
server->hostname = strdup(hostname);
server->secret = strdup(secret);
server->accounting = accounting;
server->port = 0;
if ((timeout < 1) || (timeout > 60)) {
server->timeout = 3;
} else {
server->timeout = timeout;
}
server->next = NULL;
}
_pam_log(LOG_ERR, "Unable to open socket23: %s\n",
strerror(errno));
}
_pam_log(LOG_ERR, "Unable to open socket24: %s\n",
strerror(errno));
fclose(fserver);
--- Joe Lewis <joe@xxxxxxxxxxxxx> wrote:
Joe
As I said:
Also I know that this machine can
establish radius connection (udp/1812) to the
radius server. I tried it using nc command.
Sorry about that. Sometimes I read WAY to quickly.
Using nc command I could establich udp connection
to
1812 port and the firewall permits the connection.
It's not a network problem :(
Okay. After the module prints "Got user name %s",
it calls a function
initialize(). This function get's the IP address of
the host to contact
for the radius information. If it returns any PAM_*
errors, the module
will quit right there. However, if it continues on,
there is the next
step of checking for the service name or the
client_id - if both of those
fail, the module will quit. At this point, an open
socket should be
connected to the Radius server, and the module set's
up the Radius packet.
But it won't quit here. It grabs the password, and
then determines if it
fails. If it does not, you should see a debug
message stating "Got
password %s".
So, in this process, there are actually a multitude
of ways that this
could be "malfunctioning". If it can't find the
/etc/raddb/servers file,
it will complain and log it. So, obviously, you DO
have the file and it
is in the right place. In addition, in the
initialize function, it checks
for server configs, and that is working fine. Then
it opens the socket.
If it fails to open the socket, IT SHOULD PRINT A
LOG LINE. Now, I would
suggest that you dump a couple of
_pam_log(LOG_ERR, "Failed to open RADIUS socket:
%s\n", strerror(errno));
lines throughout the code, primarily AFTER the
initialize function exits,
and then throughout the initialize function itself.
This should help you
pin point exactly what process is causing the
problem.
The other option is to run 'gdb' on it (attach it to
the process after it
is started). Try doing it in the "su" service, so
that you can do most of
the leg work on the command line. Then you can step
through the process
to figure out what is going on. Some time between
printing "Got user
name" and the next print functions, the module is
doing something wrong.
Let me know what you find.
Joe
Joe
As I said:
Also I know that this machine can
establish radius connection (udp/1812) to the
radius server. I tried it using nc command.
Using nc command I could establich udp connection
to
1812 port and the firewall permits the connection.
It's not a network problem :(
--Fatemeh
--- Joe Lewis <joe@xxxxxxxxxxxxx> wrote:
Have you run network checks to ensure that ports
are
being opened? You
might have a firewall on the sending side, the
recieving side, or
somewhere in between that is causing problems.
Telnet on the radius port
and verify that you can get a connection.
Joe
Dear All,
I did install cyrus imapd 2.2.3 on redhat
enterprise 3.Now I want authenticate users
trough
a
radius server.I have done it previously on
redhat
7.1
and it works fine But now pam_radius does not
send
the
request to the radiusserver.
Maybe here
is not the proper place to ask this, but I
though
you
might have such experience.
I have:
--sasl_passwd_check=saslauthd
sasl_mech_list=PLAIN
--in /etc/pam.d/pop I have
auth required /lib/security/pam_radius_auth.so
debug
--and have configured
/etc/raddb/server too and the permission is
755.
--Also /lib/security/pam_radius_auth.so is
available too. (pam_radius 1.3.16)I ran
saslauthd
with
-a pam , it get the username but there
is no sign of sending the request to radius
server.
log:
saslauthd[2859]: rel_accept_lock : released
accept
lock
May22 saslauthd[2860]: get_accept_lock :
acquired
accept lock
May 2212:06:56 test saslauthd[2859]:
pam_radius_auth:
Got user name fatemehand
nothing about sending request is found in log.
With my tests I know that pam_radius_auth does
read
the /etc/radd/server but does not send any
request
to
radius server. Also I know that this machine
can
establish radius connection (udp/1812) to the
radius server. I tried it using nc command.
Any
comment is really appriciated.
Please help.
Thanks F. Taj
P.S, I have asked it in cyrus imapd and cyrus
sasl
list too but no answer :(
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo!
Messenger.
http://messenger.yahoo.com/
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
Joe Lewis
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
=== message truncated ===
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
|
