[linux] pam.d & radius

Ing. Rudolf Kollar Rudolf.Kollar at fedu.ku.sk
Wednesday October 31 21:46:07 CET 2007


Martin Kyrc wrote:
> Hi,
> what does /var/log/auth.log say on the 'client' side?
>
> m.
>
> Ing. Rudolf Kollar wrote:
>   
>> Hello. I have a problem setting up authorization using a RADIUS server.
>> The system is Ubuntu 7.10. I installed the pam_radius_auth module, which
>> created the file /etc/pam_radius_auth.conf; in it I entered host,
>> port, secret, time. In /etc/pam.d I set:
>> common-auth:
>> auth sufficient pam_radius_auth.so ignore_unknown_user
>> auth required pam_unix.so nullok_secure
>> common_account:
>> account sufficient      pam_radius_auth.so ignore_unknown_user
>> account sufficient      pam_unix.so use_first_pass
>> account required        pam_deny.so
>> common_session
>> session sufficient      pam_radius_auth.so
>> session required        pam_unix.so
>> session optional        pam_foreground.so
>> common_passwd
>> password   sufficient  pam_radius_auth.so
>> password   required   pam_unix.so nullok obscure md5
>>
>> When I try to log in, it prints the message "Login incorrect". On the
>> RADIUS server the logs say the authorization is OK. I also installed
>> Freeradius for "radtest", and that returns Accept. From this I conclude
>> that RADIUS is OK and the error is somewhere on my side - but where?
>>     
/var/log/auth.log

Oct 31 23:33:05 test sshd[4406]: pam_radius_auth: Got user name budha na xxx.sk
Oct 31 23:33:05 test sshd[4406]: pam_radius_auth: Sending RADIUS request code 1
Oct 31 23:33:05 test sshd[4406]: pam_radius_auth: packet from RADIUS server xxx.xxx.xxx.x fails verification: The shared secret is probably incorrect.
Oct 31 23:33:05 test sshd[4406]: pam_radius_auth: All RADIUS servers failed to respond.
Oct 31 23:33:05 test sshd[4406]: pam_radius_auth: authentication failed

Radtest returned Accept for me. The shared secret is 100% correct -
the error must be somewhere else.
At the moment I have this written in /etc/pam.d/ssh:
account      sufficient      pam_radius_auth.so
account      required        pam_unix.so
auth           sufficient      pam_radius_auth.so debug
auth            required        pam_unix.so nullok_secure use_first_pass
password        sufficient      pam_radius_auth.so
password        required        pam_unix.so nullok obscure min=4 max=8 md5
session sufficient      pam_radius_auth.so
session required        pam_unix.so


