PAM_radius
ibrownie18 opened this issue · 1 comments
Sorry For My Bad English. I want to build system authentication based on radius server in my linux PC. I installed libpam-radius-auth_1.3.16.-5_amd64.deb. If my radius server not accessible, then used local authentication. If my radius server accessible, then used only radius server (local authentication is deny). And it's my problem. I found next scrip, but option 'localifdown' in pam_radius_auth.so unregognezed. But this option does what i need, and used in other scripts in Internet.
Can you help me?
This is my settings pam for ssh
root@home:~# more /etc/pam.d/sshd
auth required pam_env.so # [1]
auth required pam_env.so envfile=/etc/default/locale
auth [success=done default=bad authinfo_unavail=bad ignore=ignore] pam_radius_auth.so localifdown
@include common-auth
This is log after authentication
root@home:~# more /var/log/auth.log
Mar 19 17:23:32 home sshd[7350]: pam_radius_auth: unrecognized option 'localifdown'
Mar 19 17:23:32 home sshd[7350]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 1425368320.
Mar 19 17:23:32 home sshd[7350]: Accepted password for bob from 192.168.200.4 port 58510 ssh2
packages installed
root@home:~# dpkg -l | grep pam
ii libpam-modules:amd64 1.1.8-3.1+deb8u2+b1 amd64 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.8-3.1+deb8u2+b1 amd64 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-radius-auth 1.3.16-5 amd64 The PAM RADIUS authentication module
ii libpam-runtime 1.1.8-3.1+deb8u2 all Runtime support for the PAM library
ii libpam-script 1.1.5-1 amd64 PAM module which allows executing a script
ii libpam0g:amd64 1.1.8-3.1+deb8u2+b1 amd64 Pluggable Authentication Modules library
iU libpam0g-dev:amd64 1.1.8-3.1+deb8u2+b1 amd64 Development files for PAM
OS information
root@home:~ # uname -a
Linux sterragate 3.2.0-4-amd64 SMP Debian 3.2.81-2 x86_64 GNU/Linux
root@ home:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.11 (wheezy)
Release: 7.11
Codename: wheezy
The localifdown
flag is not supported. I have no idea what it's supposed to do, either.