[Swan] Fail to authenticate through PAM+radius in version 3.15, same conf working on 3.13

Antonio Silva asilva at wirelessmundi.com
Sun Nov 15 09:40:30 UTC 2015


The git version works ok. I'm leaving this version running.

Thanks.

On 11/15/2015 01:13 AM, Paul Wouters wrote:
> There is a bug fix for that in git that will be in 3.16. Please check GitHub for the patch
>
>> On Nov 15, 2015, at 06:26, Antonio Silva <asilva at wirelessmundi.com> wrote:
>>
>> Hi,
>>
>> I just updated libreswan to the newest 3.15 from 3.13, but now I can't authenticate the user using XAUTH with pam+radius with the same configuration.
>>
>>
>> Not sure if it could be some issue with some external lib... I'm using Debian wheezy - I did all the tricks to install with the newest version of nss...
>>
>> The password sent to radius server has the same value as the username...
>>
>> Could it be because of the Debian version, or could it be an issue in the new version?
>>
>>
>> Thanks.
>>
>>
>>
>> My pam configuration is:
>>
>> auth required pam_radius_auth.so
>> account required pam_radius_auth.so
>> session required pam_radius_auth.so
>>
>>
>>
>> The respective log when it fails is:
>>
>> ***------ VERSION 3.15 - ERROR
>>
>> Nov 14 21:45:13 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: Sending Username/Password request (XAUTH_R0)
>> Nov 14 21:45:13 sol pluto[2605]: XAUTH: User vpnuser: Attempting to login
>> Nov 14 21:45:13 sol pluto[2605]: XAUTH: pam authentication being called to authenticate user vpnuser
>> Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Got user name vpnuser
>> Nov 14 21:45:13 sol pluto[2605]: pam_radius_auth: Sending RADIUS request code 1
>> Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: Got RADIUS response code 3
>> Nov 14 21:45:14 sol pluto[2605]: pam_radius_auth: authentication failed
>> Nov 14 21:45:14 sol pluto[2605]: XAUTH: pam_authenticate failed with 'Authentication failure'
>> Nov 14 21:45:14 sol pluto[2605]: XAUTH: User vpnuser: Authentication Failed: Incorrect Username or Password
>> Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: Unsupported XAUTH basic attribute XAUTH-STATUS received.
>> Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: Expected MODE_CFG_REPLY is missing username and password attribute
>> Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: Sending Username/Password request (XAUTH_R0)
>> Nov 14 21:45:14 sol pluto[2605]: "tunnel8-aggr"[4] 188.81.44.230 #3: XAUTH: User <unknown>: Authentication Failed (retry 1)
>>
>>
>>
>>
>> --- radius recv pkt:
>> (0) Received Access-Request Id 151 from 127.0.0.1:5141 to 127.0.0.1:1812 length 126
>> (0)   User-Name = "vpnuser"
>> (0)   User-Password = "vpnuser"
>> (0)   NAS-IP-Address = 127.0.1.1
>> (0)   NAS-Identifier = "pluto"
>> (0)   NAS-Port = 4116
>> (0)   NAS-Port-Type = Virtual
>> (0)   Service-Type = Authenticate-Only
>> (0)   Calling-Station-Id = "188.81.44.230"
>>
>>
>> ****------ VERSION 3.13 -- SUCCESS
>>
>> Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: Sending XAUTH Login/Password Request
>> Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: Sending Username/Password request (XAUTH_R0)
>> Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Attempting to login
>> Nov 14 22:16:26 sol pluto[28470]: XAUTH: pam authentication being called to authenticate user vpnuser
>> Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got user name vpnuser
>> Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Sending RADIUS request code 1
>> Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: Got RADIUS response code 2
>> Nov 14 22:16:26 sol pluto[28470]: pam_radius_auth: authentication succeeded
>> Nov 14 22:16:26 sol pluto[28470]: XAUTH: PAM_SUCCESS
>> Nov 14 22:16:26 sol pluto[28470]: XAUTH: User vpnuser: Authentication Successful
>> Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: XAUTH: xauth_inR1(STF_OK)
>> Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
>> Nov 14 22:16:26 sol pluto[28470]: "tunnel8-aggr"[2] 188.81.44.230 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
>>
>>
>> --- radius recv pkt:
>> (0) Received Access-Request Id 64 from 127.0.0.1:15519 to 127.0.0.1:1812 length 110
>> (0)   User-Name = "vpnuser"
>> (0)   User-Password = "1234test"
>> (0)   NAS-IP-Address = 127.0.1.1
>> (0)   NAS-Identifier = "pluto"
>> (0)   NAS-Port = 14494
>> (0)   NAS-Port-Type = Virtual
>> (0)   Service-Type = Authenticate-Only
>> (0)   Calling-Station-Id = "188.81.44.230"
>>
>>
>>

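The symptom reported in this thread, an Access-Request whose User-Password repeats the User-Name, can be checked for mechanically in RADIUS server debug output of the format quoted above. The following is an added example, not part of the original messages or of libreswan; the function names are illustrative, and the sample input reproduces the two packet dumps from the post with some attributes trimmed.

```python
import re

# Sample input: the two Access-Request dumps quoted in the post (3.15 first, then 3.13), trimmed.
SAMPLE = '''\
(0) Received Access-Request Id 151 from 127.0.0.1:5141 to 127.0.0.1:1812 length 126
(0)   User-Name = "vpnuser"
(0)   User-Password = "vpnuser"
(0)   NAS-Identifier = "pluto"
(0)   Calling-Station-Id = "188.81.44.230"
(0) Received Access-Request Id 64 from 127.0.0.1:15519 to 127.0.0.1:1812 length 110
(0)   User-Name = "vpnuser"
(0)   User-Password = "1234test"
(0)   NAS-Identifier = "pluto"
(0)   Calling-Station-Id = "188.81.44.230"
'''

# An optional leading '>' quote prefix is tolerated so mail-quoted dumps parse too.
HEADER = re.compile(r'^(?:>+\s*)?\(\d+\)\s+Received (\S+) Id (\d+) from (\S+) to (\S+)')
ATTR = re.compile(r'^(?:>+\s*)?\(\d+\)\s+([A-Za-z0-9-]+) = (.*)$')

def parse_requests(text):
    """Group 'Name = value' attribute lines under the packet header that precedes them."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            packets.append({"code": m.group(1), "id": int(m.group(2)), "attrs": {}})
            continue
        m = ATTR.match(line)
        if m and packets:
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop the surrounding quotes of string attributes
            packets[-1]["attrs"][m.group(1)] = value
    return packets

def password_equals_username(text):
    """Return (packet id, user, NAS-Identifier) for Access-Requests where User-Password == User-Name."""
    hits = []
    for p in parse_requests(text):
        a = p["attrs"]
        user, pw = a.get("User-Name"), a.get("User-Password")
        if p["code"] == "Access-Request" and user is not None and user == pw:
            hits.append((p["id"], user, a.get("NAS-Identifier")))
    return hits

if __name__ == "__main__":
    for pid, user, nas in password_equals_username(SAMPLE):
        print(f"Access-Request Id {pid}: User-Password equals User-Name ({user!r}), NAS {nas!r}")
```

The report deliberately prints the user name and NAS identifier only, never the password value read from the debug log.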