(RADIATOR) PAM authentication

Hugh Irvine hugh at open.com.au
Mon Apr 25 00:45:47 CDT 2005


Hello Judy -

This looks like the AuthBy PAM module is not correctly checking the 
password.

Have a look at section 6.40 in the Radiator 3.12 reference manual for 
details ("doc/ref.html").

There is also an example in "goodies/pam.cfg".

You should also check your system PAM logs to see what is happening 
there.

BTW - in what you show below the "users" file will never be used.

regards

Hugh


On 25 Apr 2005, at 07:06, J.Angel at herts.ac.uk wrote:

> We are running Radiator 3.9 on Solaris 9. When a Cisco VPN client 
> sends a userid at realm with any password, the connection is authenticated 
> and accepted, even with the wrong password. If the userid is 
> incorrect the request is rejected.
>
> Is the code below wrong?
>
> Thanks
>
> Judy Angel
> University of Hertfordshire
>
>
>
> users:
> DEFAULT Auth-Type = CheckPAM
>       Framed-Protocol = PPP,
>        Framed-Routing = None
>
>
> config file:
> <Realm DEFAULT>
>        <AuthBy PAM>
>        Service passwd
>        </AuthBy>
> </Realm>
>
>
> debug Code: Access-Request Identifier: 222 Authentic: 
> <224>*<232><158><1><242><170><190><144><223><19><172><183><206><228> 
> <159> Attributes:
>        NAS-IP-Address = 1.2.3.4
>        NAS-Port-Type = Async
>        User-Name = "ccsqja"
>        Calling-Station-Id = "1.2.3.5"
>        User-Password = "<13><185><232>K<178><19>@<135>t<157><251>?<185>-o<254>"
>
> Fri Apr 22 09:33:55 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Apr 22 09:33:55 2005: DEBUG: Deleting session for ccsqja, 1.2.3.4,
> Fri Apr 22 09:33:55 2005: DEBUG: Handling with PAM service passwd
> Fri Apr 22 09:33:55 2005: DEBUG: Access accepted for ccsqja
> Fri Apr 22 09:33:55 2005: DEBUG: Packet dump:
> *** Sending to 1.2.3.5 port 49049 ....
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
