PAM configuration using Radius

Post by kailashkkd » 2017/06/28 12:11:48

Hi All,

I am working on an RCA issue, where I have configured PAM in my CentOS 7.2 VM using RADIUS.
The PAM configuration is working fine for 1 day and after that, I am not able to log in to the VM.
So I have to disable UsePAM=no in the sshd_config file and also disable SELinux to gain access to the VM.

Below are my files:

# pam_radius_auth configuration file. Copy to: /etc/raddb/server
#
# For proper security, this file SHOULD have permissions 0600,
# that is readable by root, and NO ONE else. If anyone other than
# root can read this file, then they can spoof responses from the server!
#
# There are 3 fields per line in this file. There may be multiple
# lines. Blank lines or lines beginning with '#' are treated as
# comments, and are ignored. The fields are:
#
# server[:port] secret [timeout]
#
# the port name or number is optional. The default port name is
# "radius", and is looked up from /etc/services The timeout field is
# optional. The default timeout is 3 seconds.
#
# If multiple RADIUS server lines exist, they are tried in order. The
# first server to return success or failure causes the module to return
# success or failure. Only if a server fails to response is it skipped,
# and the next server in turn is used.
#
# The timeout field controls how many seconds the module waits before
# deciding that the server has failed to respond.
#
# server[:port] shared_secret timeout (s)
#127.0.0.1 secret 1
#other-server other-secret 3
104.232.34.108 denave@123 60
#
# having localhost in your radius configuration is a Good Thing.
#
# See the INSTALL file for pam.conf hints.

=========
PAM

#%PAM-1.0
auth required pam_radius_auth.so
auth include password-auth
auth required pam_sepermit.so
auth sufficient password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth

============
errors in auth.log file

Jun 21 13:00:00 CentOSVM sshd[43223]: pam_unix(sshd:session): session closed for user arjunc
Jun 21 13:00:14 CentOSVM sshd[43332]: reverse mapping checking getaddrinfo for 115.112.32.90.static-delhi.vsnl.net.in [115.112.32.90] failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 21 13:00:14 CentOSVM sshd[43332]: PAM unable to dlopen(/lib64/security/password-auth): /lib64/security/password-auth: cannot open shared object file: No such file or directory
Jun 21 13:00:14 CentOSVM sshd[43332]: PAM adding faulty module: /lib64/security/password-auth
Jun 21 13:00:18 CentOSVM sshd[43358]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -1121568352.
Jun 21 13:00:19 CentOSVM unix_chkpwd[43359]: password check failed for user (arjunc)
Jun 21 13:00:19 CentOSVM sshd[43358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.112.32.90 user=arjunc
Jun 21 13:00:21 CentOSVM sshd[43332]: error: PAM: Authentication failure for arjunc from 115.112.32.90
Jun 21 13:00:27 CentOSVM sshd[43360]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -1121568352.
Jun 21 13:00:30 CentOSVM sshd[43332]: error: PAM: Authentication failure for arjunc from 115.112.32.90

Jun 21 13:02:43 CentOSVM unix_chkpwd[43521]: password check failed for user (arjunc)
Jun 21 13:02:43 CentOSVM sshd[43520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.112.32.90 user=arjunc
Jun 21 13:02:45 CentOSVM sshd[43514]: error: PAM: Authentication failure for arjunc from 115.112.32.90

Jun 21 13:04:47 CentOSVM sshd[43575]: Accepted keyboard-interactive/pam for arjunc from 115.112.32.90 port 55294 ssh2
Jun 21 13:04:47 CentOSVM sshd[43575]: pam_unix(sshd:session): session opened for user arjunc by (uid=0)

Jun 22 09:18:18 CentOSVM sshd[35217]: Failed password for arjunc from 115.112.32.90 port 2941 ssh2

Jun 22 13:42:18 CentOSVM sshd[48674]: Failed password for arjunc from 115.112.32.90 port 32611 ssh2
Jun 22 13:42:22 CentOSVM sshd[48674]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 922503584.
Jun 22 13:42:25 CentOSVM sshd[48674]: Failed password for arjunc from 115.112.32.90 port 32611 ssh2


Any idea why this is not working now, when it was working earlier?
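
The log line "PAM unable to dlopen(/lib64/security/password-auth)" is what Linux-PAM reports when a service-file entry names something that is not a module under a control other than include or substack. The check below is an added example, not part of the original post; the name lint_pam_service and the ".so" suffix test are assumptions of this example, and the sample input is the start of the PAM file posted above.

```python
import re

# Controls after which Linux-PAM reads the third field as the name of another
# service file; with any other control the field is a module it will dlopen().
FILE_CONTROLS = {"include", "substack"}
ENTRY = re.compile(r"-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# The first lines of the sshd PAM file from the post above.
SAMPLE = """\
#%PAM-1.0
auth required pam_radius_auth.so
auth include password-auth
auth required pam_sepermit.so
auth sufficient password-auth
account required pam_nologin.so
session required pam_selinux.so open env_params
"""


def lint_pam_service(text):
    """Return (line_number, entry, reason) for entries PAM cannot load as written."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry or entry.startswith("@include"):
            continue
        match = ENTRY.match(entry)
        if not match:
            findings.append((number, entry, "not a 'type control module' entry"))
            continue
        _, control, target = match.groups()
        is_module = target.endswith(".so")  # assumption: modules are named *.so
        if control in FILE_CONTROLS and is_module:
            findings.append((number, entry,
                             f"'{control}' expects a service file, got a module"))
        elif control not in FILE_CONTROLS and not is_module:
            findings.append((number, entry,
                             f"'{target}' would be dlopen()ed as a module under '{control}'"))
    return findings


if __name__ == "__main__":
    for number, entry, reason in lint_pam_service(SAMPLE):
        print(f"line {number}: {entry}\n    {reason}")
```
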
