Problem with radiusd and pam authentication

"Jean-Paul.Chapalain@xxxxxxx" <Jean-Paul.Chapalain@xxxxxxx> · Mon, 20 Feb 2006 18:27:12 +0100

I'm trying to run authentication from FreeRadius (Version 1.0.1) with Pam.

So, i've created a Unix user (Fermi Linux LTS Release 3.0.1): pamuser.

When, i'm using "su" command with pam for this user with radiusd user,
it's ok : (/var/log/messages)
Feb 20 17:12:19 tuxrazor su(pam_unix)[20566]: session opened for user
pamuser by radiusd(uid=502)

When, i'm using pam for authenticate a freeradius user, i've a
autenthication failure : (/var/log/messages)
Feb 20 17:10:16 tuxrazor radiusd(pam_unix)[19912]: authentication
failure; logname= uid=502 euid=502 tty= ruser= rhost=  user=pamuser

See below :
/etc/pam.d/radiusd :
--------------------
#%PAM-1.0
auth       required     /lib/security/pam_unix_auth.so shadow nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_unix_passwd.so shadow nullok
use_authtok
session    required     /lib/security/pam_unix_session.so

FreeRadius log (debug) :
------------------------
Starting - reading configuration files ...

...skipping
Module: Instantiated mschap (mschap)
Module: Loaded Pam
 pam: pam_auth = "radiusd"
Module: Instantiated pam (pam)

...shipping
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 200.1.1.1:1645, id=36, length=78
        NAS-IP-Address = 200.1.1.1
        NAS-Port = 66
        NAS-Port-Type = Virtual
        User-Name = "pamuser"
        Calling-Station-Id = "200.2.2.1"
        User-Password = "blablabla"
  Processing the authorize section of radiusd.conf

... skipping
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type PAM
auth: type "PAM"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: function pam_authenticate FAILED for <pamuser>. Reason:
Authentication failure
  modcall[authenticate]: module "pam" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.

Any suggestion regarding why PAM module refuse the authentication ?

Thank in advance.

Jean-Paul.

Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature
_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list