From owner-freebsd-hackers@FreeBSD.ORG Fri Mar 9 18:09:23 2007 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A5B0116A406 for ; Fri, 9 Mar 2007 18:09:23 +0000 (UTC) (envelope-from mrsaraiva@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.238]) by mx1.freebsd.org (Postfix) with ESMTP id 5453913C494 for ; Fri, 9 Mar 2007 18:09:21 +0000 (UTC) (envelope-from mrsaraiva@gmail.com) Received: by wr-out-0506.google.com with SMTP id i30so1375963wra for ; Fri, 09 Mar 2007 10:09:20 -0800 (PST) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=uUuvfUnx5OxZzW9ASJSobjghSbxDft81noKxUsJnKGhsBjz2W72nNb4XG4VU1OUNUewmRpKpUlCfMxLsfoefyXosCQ0y1WsLPVfSsdr4QgFM/GW1jngpvAN+5xR1pwo2hba/Hv0URl2J1kIllzcc7z3E2u5uHDyfXPEvLLHUY+0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=g7a5hlZi1f5ZONB1VfVGb3I4IgSDnvwNOU+RwFPQSVstBiBAcd18NGk0BWwDdU4SuEXNMK4L/c6OFWSvi3qBIXXilp4sxStFzVmExeS3uzECyj8HNiHBNAnc1MDZAUo/SGyYFY9fsU8jVs2AK/sF291bqomSWJfR1wEWFKk9kts= Received: by 10.100.195.10 with SMTP id s10mr1531400anf.1173462215137; Fri, 09 Mar 2007 09:43:35 -0800 (PST) Received: by 10.100.191.13 with HTTP; Fri, 9 Mar 2007 09:43:35 -0800 (PST) Message-ID: Date: Fri, 9 Mar 2007 17:43:35 +0000 From: "Mario Saraiva" To: freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Mailman-Approved-At: Fri, 09 Mar 2007 18:25:06 +0000 Subject: Need Help - pam_radius X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Mar 2007 18:09:23 -0000 Hi Community, I hope that i send this mail to the rigth place. I'm trying to make authentication using the pam_radius, but i have some issues that i don't know if it possible to manage. Is that possible to configure this module to send also other attributes like "Calling-Station-Id" on the request authentication? I was google around and didn't find any way how to do it. Second, after a successful authentication i want to send accounting information to the server but to the server, the messages "acct-start" and "acct-stop", but is not working in order to control a PIX firewall to open and close access to the authenticated user. At this moment i can authenticate users by ssh but is not sending the "acct-start" and "acct-stop". On the log's a receive the following messages: Mar 9 17:33:31 marte sshd[1237]: Accepted keyboard-interactive/pam for xmario from 192.168.1.2 port 52923 ssh2 Mar 9 17:33:32 marte sshd[1239]: in openpam_dispatch(): pam_radius.so: no pam_sm_open_session() Mar 9 17:34:31 marte su: xmario to root on /dev/ttyp0 I'm using FreeBSD 5.4 and i manage the following configuration files: /etc/radius.conf auth 10.10.10.1:1812 secret 10 acct 10.10.10.1:1813 secret 10 /etc/pam.d/sshd # # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $ # # PAM configuration for the "sshd" service # # auth auth required pam_nologin.so auth required pam_radius.so # account #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_radius.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass Kind Regards Mario