From owner-freebsd-isp  Wed Jul 24 17:12:46 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 768F837B400; Wed, 24 Jul 2002 17:12:42 -0700 (PDT)
Received: from cliff.mfn.org (cliff.mfn.org [204.238.179.8])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C7E9443E7B; Wed, 24 Jul 2002 17:12:41 -0700 (PDT)
	(envelope-from measl@mfn.org)
Received: from greeves.mfn.org (greeves.mfn.org [204.238.179.37])
	by cliff.mfn.org (8.11.1/8.9.3) with ESMTP id g6P0CZ209276;
	Wed, 24 Jul 2002 19:12:36 -0500 (CDT)
	(envelope-from measl@mfn.org)
Date: Wed, 24 Jul 2002 19:12:34 -0500 (CDT)
From: Alif The Terrible <measl@mfn.org>
To: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Subject: pam_radius and logins (2nd request for help)
Message-ID: <Pine.BSF.4.21.0207241905020.2092-100000@greeves.mfn.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org


Hello,

I am attempting to centralize login credentials via RADIUS, as opposed to the
current [evil] NIS.

Currently, a telnet to my RADIUS authenticated [PAM] host goes like this:

	su-2.05a# telnet localhost
	Trying 127.0.0.1...
	Connected to localhost.mfn.org.
	Escape character is '^]'.
	Trying SRA secure login:
	User (root): test
	Password:			<--- RADIUS PW is accepted according
	[ SRA accepts you ]		to logs.

	FreeBSD/i386 (STEELMILL) (ttyp1)

	RADIUS password:		<--- RADIUS again sends an accept, but...
	Login incorrect
	login:


It looks to me like telnetd is getting it right, but the login process is
missing it.  I have tried many variation of the default pam.conf with no
changes.  I have noticed that if I place a passwd entry for "test", using
"*" for the password, auth works.  This led me to try using
"template_user=nobody", without success.

Does anybody have RADIUS auth working for direct logins?  (The NAS are fine,
it's just telnet/login/ssh on the BSD boxen themselves that are borked...

Please copy me directly, as I am not currently subscribed.

P.S. How's 5.0 looking for the targeted release date?  Inquiring daemons want
to know!

-- 
Yours, 
J.A. Terranson
sysadmin@mfn.org



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message