[RADIATOR] All RADIUS servers failed to respond

Cover, Christopher R. CTR Christopher.Cover.ctr at med.navy.mil
Wed Feb 11 13:38:37 CST 2015


So sorry to display my ignorance, but I am having difficulty diagnosing why
we cannot authenticate with RADIUS.
I wonder if these clues might ring a bell with anyone with more experience.
Thank you very much in advance for any clues.

We are using Redhat Enterprise Linux 6.6, and the PAM module, pam_radius,
version 1.4.0 from FreeRADIUS.org (http://freeradius.org/pam_radius_auth/).
It was compiled by itself, apart from the FreeRADIUS server.

Our PAM configuration (/etc/pam.d/sshd):

#%PAM-1.0
auth       required     pam_sepermit.so
auth       sufficient   /usr/local/lib64/security/pam_radius_auth.so debug
client_id=sshsv
auth       include      password-auth

Our pam_radius module configuration (/etc/raddb/server):

xxx.xxx.xxx.150:1645 $3cr3t 3
xxx.xxx.xxx.151:1645 $3cr3t 3

Yet, invariably we receive the following from /var/log/secure:

Feb 11 13:34:41 client-host sshd[16967]: Invalid user testuser from
xxx.xxx.xxx.7
Feb 11 13:34:41 client-host sshd[16970]: input_userauth_request: invalid
user testuser
Feb 11 13:34:50 client-host sshd[16967]: pam_radius_auth: Got user name
testuser
Feb 11 13:34:50 client-host sshd[16967]: pam_radius_auth: ignore last_pass,
force_prompt set
Feb 11 13:34:50 client-host sshd[16967]: pam_radius_auth: Sending RADIUS
request code 1
Feb 11 13:34:53 client-host sshd[16967]: pam_radius_auth: RADIUS server
xxx.xxx.xxx.150 failed to respond
Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: RADIUS server
xxx.xxx.xxx.151 failed to respond
Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: All RADIUS servers
failed to respond.
Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: authentication
failed
Feb 11 13:34:56 client-host sshd[16967]: pam_unix(sshd:auth): check pass;
user unknown
Feb 11 13:34:56 client-host sshd[16967]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser=rhost=remote-host

Have we missed something obvious?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5671 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20150211/e102bcb2/attachment.bin 


More information about the radiator mailing list