[FUG-BR] FreeRadius+pam_pop3

Matheus Cucoloto matheuscucoloto at gmail.com
Wed Jun 20 14:55:03 BRT 2007


Hey folks...
I'm setting up pppoed+radius+pam_pop3.

The idea is to authenticate users through the e-mail server.

Well, if I put a user in users, authentication works perfectly, the PC
connects and everything.

Now, if I connect using a POP account, radius doesn't even try to
connect to my POP server (monitoring with tcpdump).

Not satisfied with that, I ran radtest, and just look at the output.

pppoed# radtest -d /usr/local/etc/raddb matheus qwe123 localhost 10 testing123
Sending Access-Request of id 24 to 127.0.0.1 port 1812
        User-Name = "matheus"
        User-Password = "qwe123"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
Re-sending Access-Request of id 24 to 127.0.0.1 port 1812
        User-Name = "matheus"
        User-Password = "qwe123"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 10
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=24, length=20
pppoed#

ALRIGHT, tcpdump showed communication, but even so it didn't work. But
then... I ran tail on debug.log and just look.

Jun 20 11:25:15 pppoed PAM-pop3[3059]: Authentication Succeeded for matheus at server servidor port 110

So that means it hit my POP server and the POP server authenticated the user.

Then... I decided to run radiusd in debug mode (radiusd -xx), and look
what happens...

Wed Jun 20 11:43:28 2007 : Debug: auth: type "PAM"
Wed Jun 20 11:43:28 2007 : Debug:   Processing the authenticate section of radiusd.conf
Wed Jun 20 11:43:28 2007 : Debug: modcall: entering group PAM for request 0
Wed Jun 20 11:43:28 2007 : Debug:   modsingle[authenticate]: calling pam (rlm_pam) for request 0
Wed Jun 20 11:43:28 2007 : Debug: pam_pass: using pamauth string <pop3> for pam.conf lookup
Wed Jun 20 11:43:28 2007 : Debug: pam_pass: function pam_acct_mgmt FAILED for <matheus>. Reason: error in service module
Wed Jun 20 11:43:28 2007 : Debug:   modsingle[authenticate]: returned from pam (rlm_pam) for request 0
Wed Jun 20 11:43:28 2007 : Debug:   modcall[authenticate]: module "pam" returns reject for request 0
Wed Jun 20 11:43:28 2007 : Debug: modcall: leaving group PAM (returns reject) for request 0
Wed Jun 20 11:43:28 2007 : Debug: auth: Failed to validate the user.
Wed Jun 20 11:43:28 2007 : Auth: Login incorrect: [matheus] (from client localhost port 1)
Wed Jun 20 11:43:28 2007 : Debug: Delaying request 0 for 1 seconds
Wed Jun 20 11:43:28 2007 : Debug: Finished request 0
Wed Jun 20 11:43:28 2007 : Debug: Going to the next request
Wed Jun 20 11:43:28 2007 : Debug: Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 127.0.0.1:52012, id=39, length=75
Sending Access-Reject of id 39 to 127.0.0.1 port 52012

What a thing, huh...

So, which way do I go?

Here are my configs

RADIUSD.conf

---

modules {
        pam {
                pam_auth = pop3
        }
...

authenticate {
        pam
}


USERS

DEFAULT Auth-Type = pam
        Fall-Through = 1

PPP.conf

default:
  set log Chat Command Phase
  enable pap
  enable chap
  allow mode direct
  enable proxy
  disable ipv6cp
  set mru 1492
  set mtu 1492
  set ifaddr 172.16.1.1 172.16.1.50-172.16.1.100
  set speed sync
  set timeout 0
  enable lqr
  accept dns
  set radius /etc/ppp/radius.conf



-- 
Matheus Cucoloto
System Admin.
Net Admin.
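
Added example (not part of the original post, and not FreeRADIUS code): the debug output above names the failing call as pam_acct_mgmt while debug.log shows pam_pop3 accepting the password, so this Python script rejoins mail-wrapped `radiusd -xx` lines and reports which PAM call failed and for which PAM service. The function names, regexes and call-to-facility mapping are assumptions of this example; the sample lines are taken from the post.

```python
import re

# Lines from the radiusd -xx output in the post, wrapped as a mail client wraps them.
SAMPLE = """\
Wed Jun 20 11:43:28 2007 : Debug: pam_pass: using pamauth string
<pop3> for pam.conf lookup
Wed Jun 20 11:43:28 2007 : Debug: pam_pass: function pam_acct_mgmt
FAILED for <matheus>. Reason: error in service module
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")
SERVICE = re.compile(r"pam_pass: using pamauth string <([^>]*)>")
FAILED = re.compile(r"pam_pass: function (\w+) FAILED for <([^>]*)>\. Reason: (.*)")
# PAM library call -> facility keyword used in the PAM service policy.
FACILITY = {"pam_authenticate": "auth", "pam_acct_mgmt": "account"}

def unwrap(text):
    """Rejoin wrapped lines: a new record starts with a radiusd timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def pam_failures(text):
    """Return one dict per failed PAM call, with service and facility."""
    service, found = None, []
    for rec in unwrap(text):
        m = SERVICE.search(rec)
        if m:
            service = m.group(1)
        m = FAILED.search(rec)
        if m:
            func, user, reason = m.groups()
            found.append({"service": service, "user": user, "function": func,
                          "facility": FACILITY.get(func, "unknown"),
                          "reason": reason})
    return found

if __name__ == "__main__":
    for f in pam_failures(SAMPLE):
        print("{user}: {function} failed ({reason}); check the '{facility}' "
              "lines of PAM service '{service}'".format(**f))
```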

