[RADIATOR] pam_radius_auth x86_64 password garbled RHEL/CENTOS 5.8

Heikki Vatiainen hvn at open.com.au
Thu Mar 15 18:11:57 CDT 2012


On 03/14/2012 07:22 PM, Judd Maltin wrote:

> I'm kinda posting to the wrong list - but was hoping to hit a lot of
> RADIUS folks here.  I'm having a big pinch of trouble.
> 
> I'm compiling my pam_radius_auth on x86_64 source and getting the
> following in my logs - the password is showing ^M^?INCORRECT - that's
> totally wrong:

Looks like there are failures to sending to RADIUS server. Maybe they
are part of the problem.

Please see my comments below:

> Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Got user name
> jmaltin@<ip_removed_by_poster>
> Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Sending RADIUS request code 1
> Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: DEBUG:
> getservbyname(radius, udp) returned 1005286112.
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: RADIUS server
> 127.0.0.1 failed to respond
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: DEBUG:
> get_ipaddr(Add) returned 0.
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Failed looking up
> IP address for RADIUS server Add (errcode=9)
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: DEBUG:
> getservbyname(radius, udp) returned 1005286112.
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got RADIUS response code 3
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: authentication failed
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got user name
> jmaltin@<removed_by_poster>
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT

The comment in pam_radius_auth.c just before 'Got password ...' message
says:

/* grab the password (if any) from the previous authentication layer */

The call that grabs the password, in this case '^M^?INCORRECT', is
pam_get_item() where the item type is PAM_AUTHTOK. According to manual
page, this is the password from pam module stack.

http://linux.die.net/man/3/pam_get_item

So maybe this is a PAM configuration issue.

> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Sending RADIUS request code 1
> Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: DEBUG:
> getservbyname(radius, udp) returned 1005286112.
> Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: RADIUS server
> 127.0.0.1 failed to respond
> Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: DEBUG:
> get_ipaddr(Add) returned 0.
> Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: Failed looking up
> IP address for RADIUS server Add (errcode=9)
> Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: DEBUG:
> getservbyname(radius, udp) returned 1005286112.
> Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: Got RADIUS response code 3
> Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: authentication failed
> Mar 14 12:57:31 app2 sshd[12858]: Failed password for invalid user
> jmaltin at voxel.net from <ip_removed_by_poster> port 44398 ssh2
> 
> 
> What's the magic way to compile this for x86_64?

The compile probably went fine. I do not think there would be any
difference with 32bit machine. The warnings seem to be valid, but I do
not think they are related to the problems you are seeing.

> Notice I added the -m64 to try to force 64 bit.
> 
> [root at app2 pam_radius-1.3.17]# make
> cc -Wall -fPIC -m64 -c pam_radius_auth.c -o pam_radius_auth.o
> pam_radius_auth.c: In function ‘talk_radius’:
> pam_radius_auth.c:886: warning: pointer targets in passing argument 6
> of ‘recvfrom’ differ in signedness

Seems to be int vs size_t

> pam_radius_auth.c: In function ‘pam_sm_authenticate’:
> pam_radius_auth.c:1102: warning: assignment from incompatible pointer type

Pointer vs pointer to pointer.

> cc -Wall -fPIC -m64   -c -o md5.o md5.c
> ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so
> [root at app2 pam_radius-1.3.17]#

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list