I have more that 1000 user on my /etc/password I try to get centralize athutentication users by freeradius.
I passed install freeradius with mysql as was in http://wiki.freeradius.org/Basic_configuration_HOWTO
also I pass radtest as well
now I try to get change my sshd to get authenticate by pam modules as below
now I received below error
also my radius log is
any one can get help me to solve it ?
I passed install freeradius with mysql as was in http://wiki.freeradius.org/Basic_configuration_HOWTO
also I pass radtest as well
Code:
[root@client] /etc/pam.d #radtest admin admin 127.0.0.1 1 testing
Sending Access-Request of id 33 to 10.39.241.239 port 1812
User-Name = "admin"
User-Password = "admin"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=33, length=20now I try to get change my sshd to get authenticate by pam modules as below
Code:
[root@client] /etc/pam.d #cat sshd2
auth required pam_radius.so
account required pam_radius.so
password required pam_radius.so
[root@client] /etc/pam.d #cat /etc/radius.conf
auth 127.0.0.1 testing 1
acct 127.0.0.1 testing 1now I received below error
Code:
[root@client] /etc/pam.d #ssh -l admin 127.0.0.1
RADIUS Password:
pam_radius: pam_sm_authenticate: Radius rejection
RADIUS Password:
pam_radius: pam_sm_authenticate: Radius rejection
RADIUS Password:
pam_radius: pam_sm_authenticate: Radius rejection
Permission denied (keyboard-interactive).also my radius log is
Code:
rad_recv: Access-Request packet from host 127.0.0.1:51482, id=103, length=68
User-Name = "admin"
User-Password = "\010\n\INCORRECT"
NAS-Identifier = "client.adsl.com"
Service-Type = Authenticate-Only
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
radius_xlat: 'test'
rlm_sql (sql): sql_set_user escaped user --> 'test'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql: Failed to create the pair: Unknown value other for attribute NAS-Port-Type
rlm_sql (sql): Error getting data from database
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'test' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE usergroup.Username = 'test' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 4
modcall: leaving group authorize (returns ok) for request 4
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:51482, id=103, length=68
Sending Access-Reject of id 103 to 127.0.0.1 port 51482
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 41 with timestamp 4c2f5fde
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 103 with timestamp 4c2f5fe0
Nothing to do. Sleeping until we see a request.any one can get help me to solve it ?