On 03/14/2012 07:22 PM, Judd Maltin wrote: > I'm kinda posting to the wrong list - but was hoping to hit a lot of > RADIUS folks here. I'm having a big pinch of trouble. > > I'm compiling my pam_radius_auth on x86_64 source and getting the > following in my logs - the password is showing ^M^?INCORRECT - that's > totally wrong:
Looks like there are failures to sending to RADIUS server. Maybe they are part of the problem. Please see my comments below: > Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Got user name > jmaltin@<ip_removed_by_poster> > Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: Sending RADIUS request > code 1 > Mar 14 12:57:29 app2 sshd[12858]: pam_radius_auth: DEBUG: > getservbyname(radius, udp) returned 1005286112. > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: RADIUS server > 127.0.0.1 failed to respond > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: DEBUG: > get_ipaddr(Add) returned 0. > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Failed looking up > IP address for RADIUS server Add (errcode=9) > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: DEBUG: > getservbyname(radius, udp) returned 1005286112. > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got RADIUS response code 3 > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: authentication failed > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got user name > jmaltin@<removed_by_poster> > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Got password ^M^?INCORRECT The comment in pam_radius_auth.c just before 'Got password ...' message says: /* grab the password (if any) from the previous authentication layer */ The call that grabs the password, in this case '^M^?INCORRECT', is pam_get_item() where the item type is PAM_AUTHTOK. According to manual page, this is the password from pam module stack. http://linux.die.net/man/3/pam_get_item So maybe this is a PAM configuration issue. > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: Sending RADIUS request > code 1 > Mar 14 12:57:30 app2 sshd[12858]: pam_radius_auth: DEBUG: > getservbyname(radius, udp) returned 1005286112. > Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: RADIUS server > 127.0.0.1 failed to respond > Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: DEBUG: > get_ipaddr(Add) returned 0. > Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: Failed looking up > IP address for RADIUS server Add (errcode=9) > Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: DEBUG: > getservbyname(radius, udp) returned 1005286112. > Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: Got RADIUS response code 3 > Mar 14 12:57:31 app2 sshd[12858]: pam_radius_auth: authentication failed > Mar 14 12:57:31 app2 sshd[12858]: Failed password for invalid user > jmal...@voxel.net from <ip_removed_by_poster> port 44398 ssh2 > > > What's the magic way to compile this for x86_64? The compile probably went fine. I do not think there would be any difference with 32bit machine. The warnings seem to be valid, but I do not think they are related to the problems you are seeing. > Notice I added the -m64 to try to force 64 bit. > > [root@app2 pam_radius-1.3.17]# make > cc -Wall -fPIC -m64 -c pam_radius_auth.c -o pam_radius_auth.o > pam_radius_auth.c: In function ‘talk_radius’: > pam_radius_auth.c:886: warning: pointer targets in passing argument 6 > of ‘recvfrom’ differ in signedness Seems to be int vs size_t > pam_radius_auth.c: In function ‘pam_sm_authenticate’: > pam_radius_auth.c:1102: warning: assignment from incompatible pointer type Pointer vs pointer to pointer. > cc -Wall -fPIC -m64 -c -o md5.o md5.c > ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so > [root@app2 pam_radius-1.3.17]# Thanks! Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
