Hi, The authentication fails because radiusd daemon is running under radiusd user. When radiusd is running as root uid, pam authentication works fine. Jean-paul. Jean-Paul.Chapalain@xxxxxxx wrote: > I'm trying to run authentication from FreeRadius (Version 1.0.1) with Pam. > > So, i've created a Unix user (Fermi Linux LTS Release 3.0.1): pamuser. > > When, i'm using "su" command with pam for this user with radiusd user, > it's ok : (/var/log/messages) > Feb 20 17:12:19 tuxrazor su(pam_unix)[20566]: session opened for user > pamuser by radiusd(uid=502) > > When, i'm using pam for authenticate a freeradius user, i've a > autenthication failure : (/var/log/messages) > Feb 20 17:10:16 tuxrazor radiusd(pam_unix)[19912]: authentication > failure; logname= uid=502 euid=502 tty= ruser= rhost= user=pamuser > > See below : > /etc/pam.d/radiusd : > -------------------- > #%PAM-1.0 > auth required /lib/security/pam_unix_auth.so shadow nullok > auth required /lib/security/pam_nologin.so > account required /lib/security/pam_unix_acct.so > password required /lib/security/pam_cracklib.so > password required /lib/security/pam_unix_passwd.so shadow nullok > use_authtok > session required /lib/security/pam_unix_session.so > > FreeRadius log (debug) : > ------------------------ > Starting - reading configuration files ... > > ...skipping > Module: Instantiated mschap (mschap) > Module: Loaded Pam > pam: pam_auth = "radiusd" > Module: Instantiated pam (pam) > > ...shipping > Module: Instantiated radutmp (radutmp) > Listening on authentication *:1812 > Listening on accounting *:1813 > Listening on proxy *:1814 > Ready to process requests. > rad_recv: Access-Request packet from host 200.1.1.1:1645, id=36, length=78 > NAS-IP-Address = 200.1.1.1 > NAS-Port = 66 > NAS-Port-Type = Virtual > User-Name = "pamuser" > Calling-Station-Id = "200.2.2.1" > User-Password = "blablabla" > Processing the authorize section of radiusd.conf > > ... skipping > modcall: group authorize returns ok for request 0 > rad_check_password: Found Auth-Type PAM > auth: type "PAM" > Processing the authenticate section of radiusd.conf > modcall: entering group Auth-Type for request 0 > pam_pass: using pamauth string <radiusd> for pam.conf lookup > pam_pass: function pam_authenticate FAILED for <pamuser>. Reason: > Authentication failure > modcall[authenticate]: module "pam" returns reject for request 0 > modcall: group Auth-Type returns reject for request 0 > auth: Failed to validate the user. > > Any suggestion regarding why PAM module refuse the authentication ? > > Thank in advance. > > Jean-Paul. >
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
