Hi !

Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem.

Firstly, I'm using :

- openssh-3.1p1-15 which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS.

- I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file :

#%PAM-1.0
auth sufficient /lib/security/pam_radius_auth.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so

- I'm using the FreeRadius server. It is up and running in debug mode (see output below)

I'm trying to connect to this server using ssh :

ssh test@machine_of_the_test

The login name I used is : test
passwd : test

- This is my var/log/messages :

Jan 16 19:34:59 machine_of_the_test sshd(pam_unix)[17647]: check pass; user unknown
Jan 16 19:34:59 machine_of_the_test sshd(pam_unix)[17647]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.60.76

- This is the request coming to the radius server. As you can see Username is "NOUSER"

rad_recv: Access-Request packet from host 172.16.zzz.xxx:18299, id=22, length=91
User-Name = "NOUSER"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "sshd"
NAS-Port = 17274
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "192.168.xxx.xxx"

How can I solve this ? I want sshd to pass on to PAM the real username if it is not found is /etc/passwd and not the fake username "NOUSER". How do I do that ?
I have more than 100 servers to administrate. I need an (very) easy way to do it !

Merci for your help !
Philippe Email: Philippe.LeGal@emea.eu.int

__________________________________________________ ______________________
This e-mail has been scanned for all known viruses by EMEA.
__________________________________________________ ______________________

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev