..:: VSFTP - PAM - RADIUS ::..


 



Hi everyone.

I'm trying to use PAM and my radius server in order to authenticate the users of our vsftp server. Right now I'm able to get the access accept from the radius, but PAM seems not to understand it.

Here's my pam configuration:

#%PAM-1.0
auth sufficient pam_radius_auth.so debug
account sufficient pam_radius_auth.so debug
session    optional     pam_keyinit.so    force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth

Here's the PAM debug log:

Sep 14 10:59:10 CRM vsftpd[9643]: pam_radius_auth: Sending RADIUS request code 1
Sep 14 10:59:10 CRM vsftpd[9643]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 10657568.
Sep 14 10:59:10 CRM vsftpd[9643]: pam_radius_auth: Got RADIUS response code 2
Sep 14 10:59:10 CRM vsftpd[9643]: pam_radius_auth: authentication succeeded
Sep 14 10:59:45 CRM vsftpd[9670]: pam_radius_auth: Got user name adgalvanh
Sep 14 10:59:46 CRM vsftpd[9670]: pam_radius_auth: Sending RADIUS request code 1
Sep 14 10:59:46 CRM vsftpd[9670]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 7122720.
Sep 14 10:59:46 CRM vsftpd[9670]: pam_radius_auth: Got RADIUS response code 2
Sep 14 10:59:46 CRM vsftpd[9670]: pam_radius_auth: authentication succeeded

The vsftp has the value:

 pam_service_name=vsftpd

On the vsftp log I got the OK LOGIN:
Mon Sep 17 17:28:05 2012 [pid 12728] FTP response: Client "172.16.101.100", "220-###############################################################"
Mon Sep 17 17:28:05 2012 [pid 12728] FTP response: Client "172.16.101.100", "220-Todo acceso a este equipo es restringido y monitoreado, toda"
Mon Sep 17 17:28:05 2012 [pid 12728] FTP response: Client "172.16.101.100", "220-actividad es ingresada a una bitacora."
Mon Sep 17 17:28:05 2012 [pid 12728] FTP response: Client "172.16.101.100", "220-###############################################################"
Mon Sep 17 17:28:05 2012 [pid 12728] FTP response: Client "172.16.101.100", "220 "
Mon Sep 17 17:28:05 2012 [pid 12728] FTP command: Client "172.16.101.100", "AUTH TLS"
Mon Sep 17 17:28:05 2012 [pid 12728] FTP response: Client "172.16.101.100", "234 Proceed with negotiation."
Mon Sep 17 17:28:05 2012 [pid 12728] DEBUG: Client "172.16.101.100", "SSL version: TLSv1/SSLv3, SSL cipher: AES128-SHA, not reused, no cert"
Mon Sep 17 17:28:05 2012 [pid 12728] FTP command: Client "172.16.101.100", "USER aareyes"
Mon Sep 17 17:28:05 2012 [pid 12728] [aareyes] FTP response: Client "172.16.101.100", "331 Please specify the password."
Mon Sep 17 17:28:05 2012 [pid 12728] [aareyes] FTP command: Client "172.16.101.100", "PASS <password>"
Mon Sep 17 17:28:05 2012 [pid 12727] [aareyes] OK LOGIN: Client "172.16.101.100"

But I can't connect from my FTP client:

CYBERDUCK

I/O Error: Connection failed
Unsupported record version Unknown-48.48.

FILEZILLA

Status:    Waiting to retry...
Status:    Connecting to 172.16.18.113:21...
Status:    Connection established, waiting for welcome message...
Response:    220-###############################################################
Response:    220-Todo acceso a este equipo es restringido y monitoreado, toda
Response:    220-actividad es ingresada a una bitacora.
Response:    220-###############################################################
Response:    220
Command:    AUTH TLS
Response:    234 Proceed with negotiation.
Status:    Initializing TLS...
Status:    Verifying certificate...
Command:    USER aareyes
Status:    TLS/SSL connection established.
Response:    331 Please specify the password.
Command:    PASS **************
Error: GnuTLS error -8: A record packet with illegal version was received.
Error:    Could not connect to server

But according to the log, everything is fine with the authentication. Any ideas?

Thanks in advance for your help.


Regards.

Alfonso.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
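
Added example, not part of the original post: a small decoder for the 5-byte TLS record header (content type, version major/minor, length), showing how a version such as the "Unknown-48.48" in the Cyberduck error arises when the bytes at the header position are printable ASCII (48 is the character "0"). The function name and all sample bytes are constructed for illustration; none of them were captured from the server in this thread.

```python
import struct

# Record content types (RFC 5246 section 6.2.1; heartbeat from RFC 6520).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data", 24: "heartbeat"}
# Record-layer versions as (major, minor) byte pairs.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
MAX_RECORD_LEN = 2 ** 14 + 2048  # TLSCiphertext length limit, RFC 5246


def classify_record_header(data: bytes) -> dict:
    """Decode the first 5 bytes of `data` as a TLS record header and judge it."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes long")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    known_version = (major, minor) in VERSIONS
    # Unknown versions are labelled the way the Cyberduck error above prints them.
    version = VERSIONS.get((major, minor), f"Unknown-{major}.{minor}")
    printable = all(0x20 <= b < 0x7F for b in data[:5])
    if ctype in CONTENT_TYPES and known_version and length <= MAX_RECORD_LEN:
        verdict = "valid-tls-record"
    elif printable:
        # All five header bytes are printable ASCII: the peer most likely wrote
        # plain text into the socket where a TLS record was expected.
        verdict = "cleartext-in-tls-stream"
    else:
        verdict = "malformed-record"
    return {
        "content_type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
        "version": version,
        "length": length,
        "ascii": data[:5].decode("ascii") if printable else None,
        "verdict": verdict,
    }


# Constructed inputs, not captures from the server in this thread.
SAMPLES = {
    "tls1.0 application data": bytes.fromhex("1703010020"),
    "plain text starting with '500 '": b"500 constructed line\r\n",
    "random binary": bytes.fromhex("ff00ff0001"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:34} {classify_record_header(raw)}")
```

To apply it to a real session, feed it the first five bytes the client received after the point where the TLS error was raised, taken from a packet capture on the control connection.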

