Yubico Forum

I've got a few problems getting the PAM modules working. SSH seem to manage to authenticate but doesn't log in, FreeRadius just fails with everything (even with alwaysok). I am using Ubuntu for the tests (as I assumed that would be more compatible than Solaris - which is my next platform to test when I get this working...). I have tried both 1.6 and the SVN 1.7 pre-release.

Both seem to output this in my auth.log



Debug when using SSH - I can't get freeradius to create any debug (probably rejects the PAM):


Here is my FreeRadius log:


FYI: libyubikey-client seems to work just fine.

Any ideas?

i'm trying to get the pam module working on etch, and am having problems there. 1.6 and 1.7 don't seem to authenticate (or even prompt), but logins fail when the yubico-pam module is enabled.

debugging doesn't seem to be working either. i've been beating on it for about a day now. did you do anything special to get straight pam without radius running?

Folks,

Here are some of Yubikey PAM deployment cases with FreeRadius that works. Some requires a bit tweaking:

vpn/deployment_cases/

Thanks for comments

_________________
The YubiKey Server Guy

From http://code.google.com/p/yubico-pam/wiki/ReadMe
I copy Timm's solution here:

---
Use Yubikey for SSH login

http://code.google.com/p/yubico-pam/wiki/ReadMe

Comment by timm.tem, May 08, 2008

Follow exact same instructions but add

"auth sufficient pam_yubico.so id=16 debug" to

/etc/pam.d/ssh at the top!! and the edit /etc/ssh/sshd_config

and make sure that...

ChallengeResponseAuthentication? yes

UsePAM yes

Not required but good pratice

PermitRootLogin? no

_________________
The YubiKey Server Guy

Does your PAM library have the pam_set_data symbol? This seems like a weird error to me.



This error seems like it suggests a simple problem: you need a PAM module file "radiusd" or possibly "freeradius". Which name depends on what freeradius uses for PAM module. On my system, it uses "radiusd". So you will have to create a /etc/pam.d/radiusd with the proper PAM content (same as ssh file should work). Does this help?

/Simon

I too have this problem integrating with freeradius and pam


I put this in /etc/pam.d/radiusd


I "think" I followed the cookbook on the forum, but ... no luck.
Can someone give me a hint.

We would appreciate if you can provide us the following information so that we can try to identify the exact problem and provide a solution:

1) Operating System details (including distribution, major and minor version, etc.)
2) FreeRADIUS Server Version
3) Yubico PAM Version
4) FreeRADIUS Server Configuration file (radiusd.conf)
5) FreeRADIUS Clients Configuration file (clients.conf)
6) FreeRADIUS Users Configuration file (users)
7) FreeRADIUS Server PAM Configuration file (/etc/pam.d/radiusd)
8) SELinux Status (enforcing/permissive/disabled)

I found a way to make it work :
not very pretty, but it solves it for the moment.
could it be related with me using debian !?

So it is just a part of the pam subsystem that is not loaded automagicly. I am not a developer, and not familiar with the pam setup, so - no clue at this time.

But I can continue testing !

so, I realize this is an old topic but I am also having issues integrating PAM and FreeRadius.

I've followed everything in this thread (and searched the forums) but nothing seem to be working.

It looks like FreeRadius is having trouble loading the PAM module. I'm running FreeRadius from the command line so I can see the debug output. The following is the relevant output:



and here is my radiusd file in /etc/pam.d



If I change 'required' to 'sufficient' instead of 'module is unknown' I get "permission denied". If I replace the yubikey module with the pam_unix module radius authenticates just fine using the regular user password.

I can test my validation server manually and it seems to work. I have also configured SSH to use the exact same yubikey PAM with relatively no issues. I've got pam spitting out debug messages and I see it appending output when I ssh but not when I use 'radtest'

does anybody know what is going on?

as for all of the information requested by network-marvels:

1) OS: Ubuntu 9.10
2) FreeRADIUS Version 2.1.0
3) Yubico PAM: 2.2
4-6) The files are way too large to paste in here and the forum system won't allow me to upload them (it doesn't like the .conf or .txt file extension). Should I just paste them in here or is there a better way?
7)

8)SELinux status: disabled