[RADIATOR] All RADIUS servers failed to respond

Heikki Vatiainen hvn at open.com.au
Wed Feb 11 14:54:49 CST 2015


On 02/11/2015 09:38 PM, Cover, Christopher R. CTR wrote:

> Our pam_radius module configuration (/etc/raddb/server):

On Ubuntu 12.04 this file seems to be /etc/pam_radius_auth.conf.

I guess /etc/raddb/server is correct in your case since pam appears to
find the server information. However, it might be useful to check you
are configuring the correct file.

> xxx.xxx.xxx.150:1645 $3cr3t 3
> xxx.xxx.xxx.151:1645 $3cr3t 3

> Feb 11 13:34:53 client-host sshd[16967]: pam_radius_auth: RADIUS server
> xxx.xxx.xxx.150 failed to respond
> Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: RADIUS server
> xxx.xxx.xxx.151 failed to respond
> Feb 11 13:34:56 client-host sshd[16967]: pam_radius_auth: All RADIUS servers
> failed to respond.

If the servers fail to respond, I would check the server logs (use Trace
4 for debugging) to see if they are receiving the requests. It may
happen that the requests are received by the servers, but they choose
not to respond because of a configuration or other problem.

I would also check the shared secrets. If the secret is incorrect, any
response the server sends back gets ignored because the client must
discard the requests with an incorrect authenticator. The client may log
about this, but I do not know if pam radius does.

If the secret is incorrect, the server most likely logs about bad
passwords too, because it does not have the correct secret to decrypt
the User-Password attribute.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
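
The two shared-secret symptoms described in the reply above, worked through as an added example (not part of the original message, and not Radiator or pam_radius_auth code): the RFC 2865 Response Authenticator check a client performs, and the User-Password hiding that the server reverses. The secrets, password and Request Authenticator are constructed values, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse hide_password with the server's copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_response(code, ident, attrs, req_auth, secret) -> bytes:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def client_accepts(packet, req_auth, secret) -> bool:
    """Client side: recompute the authenticator; a mismatch means silent discard."""
    header, auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + req_auth + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)

# Constructed sample values, not taken from the thread.
REQ_AUTH = bytes(range(16))
CLIENT_SECRET, SERVER_SECRET = b"client-side-secret", b"server-side-secret"
PASSWORD = b"correct horse battery"   # 21 bytes, spans two blocks

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, CLIENT_SECRET, REQ_AUTH)
    # Mismatched secrets: the server recovers garbage and logs a bad password.
    print("server sees password:", reveal_password(hidden, SERVER_SECRET, REQ_AUTH))
    reply = build_response(2, 1, b"", REQ_AUTH, SERVER_SECRET)  # code 2 = Access-Accept
    # The client cannot validate the reply, drops it and reports a timeout.
    print("client accepts reply:", client_accepts(reply, REQ_AUTH, CLIENT_SECRET))
```

With mismatched secrets both symptoms appear together: the server side shows a bad-password rejection while the client side only shows "failed to respond".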

