Ubuntu
libpam-radius-auth package

PAM module for Radius not triggering Radius Access-Request

Asked by Hi Tae Shin

I have a Ubuntu server that I want to tie into MFA (Radius) server. I can use 'radclient' to send Access-Request to the MFA(Radius) server manually and verify that I get a correct response back. Now, I would like to do this with PAM for sshd service. However, when I add the following line in /etc/pam.d/sshd, I do not seem to see the Access-Request (I do not see any packets going out) like I expected:

auth sufficient pam_radius_auth.so debug (--> does not show debug messages in auth.log)

I did notice that if I put the following code in /etc/pam.d/sshd, then I see a Radius Accounting-Request going to the MFA(Radius) server, which is not configured (the server is expecting Access-Request).

session sufficient pam_radius_auth.so debug (--> posted debug messages in auth.log)

Am I doing something wrong? I looked through the code to see if I can find the cause and I see that session is calling the function with initialize(..., accounting=TRUE) while the others are calling the function with FALSE. The problem is that I don't think that the auth or account in PAM is calling this function at all.

Look forward to hearing any suggestions. Thank you in advance for your help.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu libpam-radius-auth Edit question
Assignee:
No assignee Edit question
Solved by:
Hi Tae Shin
Solved:
Last query:
Last reply:
Revision history for this message
Hi Tae Shin (hishin) said : 		#1

This was caused by the sshd setting, but not the pam configuration.

Not passing password will silently fail without showing any error messages.

After I changed sshd settings to accept Password, it started working properly.

I will close this question.