From owner-freebsd-bugs@FreeBSD.ORG Thu Jul 5 23:40:01 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2DC30106566C for ; Thu, 5 Jul 2012 23:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DC6118FC17 for ; Thu, 5 Jul 2012 23:40:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q65Ne0x5077633 for ; Thu, 5 Jul 2012 23:40:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q65Ne0LR077632; Thu, 5 Jul 2012 23:40:00 GMT (envelope-from gnats) Resent-Date: Thu, 5 Jul 2012 23:40:00 GMT Resent-Message-Id: <201207052340.q65Ne0LR077632@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Brett E. Wynkoop" Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 495B1106566B for ; Thu, 5 Jul 2012 23:37:29 +0000 (UTC) (envelope-from wynkoop@wa3yre.wynn.com) Received: from mail.wynn.com (wa3yre.wynn.com [199.89.147.3]) by mx1.freebsd.org (Postfix) with ESMTP id 3B6468FC17 for ; Thu, 5 Jul 2012 23:37:25 +0000 (UTC) Received: from mail.wynn.com (mail.wynn.com [199.89.147.3]) by mail.wynn.com (8.14.3/8.12.6) with ESMTP id q65NJGS6046605 for ; Thu, 5 Jul 2012 19:19:16 -0400 (EDT) (envelope-from wynkoop@wa3yre.wynn.com) Received: from mail.wynn.com ([199.89.147.3] helo=mail.wynn.com) by ASSP-nospam; 5 Jul 2012 19:19:16 -0400 Received: (from wynkoop@localhost) by mail.wynn.com (8.14.3/8.14.3/Submit) id q65NJFeS046604; Thu, 5 Jul 2012 19:19:15 -0400 (EDT) (envelope-from wynkoop) Message-Id: <201207052319.q65NJFeS046604@mail.wynn.com> Date: Thu, 5 Jul 2012 19:19:15 -0400 (EDT) From: "Brett E. Wynkoop" To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: bin/169670: [pam] template_user is broken in pam_radius X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Brett E. Wynkoop" List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jul 2012 23:40:01 -0000 >Number: 169670 >Category: bin >Synopsis: [pam] template_user is broken in pam_radius >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jul 05 23:40:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Brett E. Wynkoop >Release: FreeBSD 7.3-STABLE i386 Through 9.0-RELEASE >Organization: >Environment: System: FreeBSD dt0.int.harapartners.com 9.0-RELEASE FreeBSD 9.0-RELEASE #1: Wed Apr 11 11:50:56 EDT 2012 root@dt0.int.harapartners.com:/sys/amd64/compile/DT0-DUAL-VIDEO amd64 >Description: Use of the template user causes pam_radius to always reture authentication failure. Auth has been tested using radtest and radlogin from the same host that pam_radius is failing on. >How-To-Repeat: configure pam_radius for use with a template user then attempt to log in as a user not on the local system, but with good radius credentials. You should also look at pr-66095. It seems that pr was closed without any fix, but it gives very good full details of the issue. I have tested on FreeBSD 7.x and FreeBSD 9.0 with the same results. Not having working a working FreeBSD radius client configuration is very painful for large sites that have radius servers! >Fix: No Idea. >Release-Note: >Audit-Trail: >Unformatted: