This is a discussion on RE: OpenSSH, Radius, PAM & NOUSER issue - openssh
Hi!
Sorry to bring back the infamous "NOUSER" in the conversation but I didn't get the workaround on that problem.
Firstly, I'm using:
- openssh-3.1p1-15, which is the version which comes by default with my Red Hat Linux Advanced Server release 2.1AS.
- I'm using PAM, set up to use radius. Please find below the /etc/pam.d/sshd file:
auth sufficient /lib/security/pam_radius_auth.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
- I'm using the FreeRadius server. It is up and running in debug mode (see output below).
I'm trying to connect to this server using ssh:
The login name I used is: test
passwd: test
- This is my /var/log/messages:
Jan 16 19:34:59 machine_of_the_test sshd(pam_unix): check pass; user unknown
Jan 16 19:34:59 machine_of_the_test sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.60.76
- This is the request coming to the radius server. As you can see, Username is "NOUSER":
rad_recv: Access-Request packet from host 172.16.zzz.xxx:18299, id=22, length=91
User-Name = "NOUSER"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "sshd"
NAS-Port = 17274
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Calling-Station-Id = "192.168.xxx.xxx"
How can I solve this? I want sshd to pass on to PAM the real username if it is not found in /etc/passwd and not the fake username "NOUSER". How do I do that?
I have more than 100 servers to administrate. I need a (very) easy way to do it!
Thank you for your help!
Philippe Email: Philippe.LeGal@emea.eu.int
openssh-unix-dev mailing list
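An added example, not part of the original post or of any project mentioned in it: a Python script that parses FreeRADIUS debug output in the format quoted above and counts Access-Requests whose User-Name is the placeholder "NOUSER", so an administrator can see which NAS and calling station produce them. The sample dump is constructed (the 172.16.0.x addresses and the user "alice" are made up), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the rad_recv dump quoted in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host 172.16.0.10:18299, id=22, length=91
    User-Name = "NOUSER"
    User-Password = "test"
    NAS-Identifier = "sshd"
    Calling-Station-Id = "192.168.60.76"
rad_recv: Access-Request packet from host 172.16.0.11:18300, id=23, length=88
    User-Name = "alice"
    NAS-Identifier = "sshd"
    Calling-Station-Id = "192.168.60.77"
rad_recv: Access-Request packet from host 172.16.0.10:18301, id=24, length=91
    User-Name = "NOUSER"
    NAS-Identifier = "sshd"
    Calling-Station-Id = "192.168.60.76"
"""

HEADER = re.compile(r"^rad_recv: (\S+) packet from host (\S+):(\d+),")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.*)$")  # indentation optional

def parse_packets(text):
    """Split a debug dump into packets: code, source host, attribute dict."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"code": m.group(1), "src": m.group(2), "attrs": {}}
            packets.append(current)
            continue
        m = ATTR.match(line)
        if m and current is not None:
            current["attrs"][m.group(1)] = m.group(2).strip().strip('"')
    return packets

def placeholder_requests(packets, placeholder="NOUSER"):
    """Count placeholder-name Access-Requests per (NAS-Identifier, source, Calling-Station-Id)."""
    hits = Counter()
    for p in packets:
        a = p["attrs"]
        if p["code"] == "Access-Request" and a.get("User-Name") == placeholder:
            hits[(a.get("NAS-Identifier"), p["src"], a.get("Calling-Station-Id"))] += 1
    return hits

if __name__ == "__main__":
    for (nas, src, station), n in placeholder_requests(parse_packets(SAMPLE)).items():
        print(f"{n} placeholder request(s): nas={nas} radius_client={src} calling_station={station}")
```

Because the real login name never reaches the RADIUS server in these requests, the calling station and NAS are the only fields left for attributing the failed attempts.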