PAM module for Radius not triggering Radius Access-Request
I have a Ubuntu server that I want to tie into MFA (Radius) server. I can use 'radclient' to send Access-Request to the MFA(Radius) server manually and verify that I get a correct response back. Now, I would like to do this with PAM for sshd service. However, when I add the following line in /etc/pam.d/sshd, I do not seem to see the Access-Request (I do not see any packets going out) like I expected:
auth sufficient pam_radius_auth.so debug (--> does not show debug messages in auth.log)
I did notice that if I put the following code in /etc/pam.d/sshd, then I see a Radius Accounting-Request going to the MFA(Radius) server, which is not configured (the server is expecting Access-Request).
session sufficient pam_radius_auth.so debug (--> posted debug messages in auth.log)
Am I doing something wrong? I looked through the code to see if I can find the cause and I see that session is calling the function with initialize(..., accounting=TRUE) while the others are calling the function with FALSE. The problem is that I don't think that the auth or account in PAM is calling this function at all.
Look forward to hearing any suggestions. Thank you in advance for your help.
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Hi Tae Shin
- Solved:
- Last query:
- Last reply: