Forum OpenACS Q&A: Problems with PAM Authentication (need help :)

Hi everybody,

When I try to login via PAM I get "Permission denied" and the following error.log:

The

var/log/messages
file returns the following:

Nov 21 11:42:12 dotlrn nsd: PAM unable to resolve symbol: pam_sm_acct_mgmt
Nov 21 11:42:12 dotlrn nsd: pam_radius_auth: Got user name mazloumi
Nov 21 11:42:12 dotlrn nsd: pam_radius_auth: Sending RADIUS request code 1
Nov 21 11:42:12 dotlrn nsd: pam_radius_auth: Got RADIUS response code 2
Nov 21 11:42:12 dotlrn nsd: pam_radius_auth: authentication succeeded

This is what I did so far:

  • I installed pam, pam-radius and nspam on the server.
  • The remote radius server is running.
  • The radbb/server file contains the ip address of the radius server and the secret
  • I changed config.tcl to
    • ns_param  PamDomain "aolserver"
    • ns_param   nspam ${bindir}/nspam.so
  • I created a pam.d/aolserver file with the below two lines. The filename is identical to the PamDomain parameter in config.tcl:
    • auth sufficient /lib/security/pam_radius_auth.so debug
    • account sufficient /lib/security/pam_radius_auth.so debug
  • I created an xml file in accordance to IMS 1.1 and used the batch synchronisation to upload the user. Worked without error.
  • The user was in a pending state and I accepted it.

The log on the remote radius server says the following:

Attributes:
        User-Name = "mazloumi"
        User-Password = "xxxxx"
        NAS-IP-Address = 134.155.51.152
        NAS-Identifier = "aolserver"
        NAS-Port = 26015
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only

Fri Nov 21 11:41:05 2003: DEBUG: AFS_USER: mazloumi
Fri Nov 21 11:41:05 2003: DEBUG: Radius::AuthAFS looks for match with mazloumi Fri Nov 21 11:41:05 2003: DEBUG: Radius::AuthAFS ACCEPT: Fri Nov 21 11:41:05 2003: DEBUG: Access accepted for mazloumi

Does someone know why I get

dotlrn nsd: PAM unable to resolve symbol: pam_sm_acct_mgmt
? Please help me,
Nima
Collapse
Posted by Nima Mazloumi on
Just wanted to let others know how the problem was solved (thanks alot to Lars and Mat):

I had to install the latest version of pam_radius_auth from http://www.freeradius.org/pam_radius_auth/ (ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar
) since my version was 1.3.15 where the pam_sm_acct_mgmt() function was missing.

Now it works well.