This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.
I configured, Server(pam_radius_auth) -> Microsoft NPS (With Azure MFA Extension)
Auth flow
Try to login pam_radius_auth sent request code 1-> MS NPS received request -> send to Azure MFA -> MS Authenticator Push -> MS NPS Radius -> Response code 2 -> pam_radius_auth Auth Success,
when user clicked MS Authenticator Push with out delay it works perfect
but when, MS Authenticator Push clicked Permit with few delays (about 3~5s ) & auth failed & retry Auth request (on pam_radius.conf timeout parameter 20)
---------- Logs --------------
Apr 14 00:05:41 prd-was sshd[537431]: pam_radius_auth: Got user name twyoun
Apr 14 00:05:41 prd-was sshd[537431]: pam_radius_auth: ignore last_pass, force_prompt set
Apr 14 00:05:44 prd-was sshd[537431]: pam_radius_auth: Sending RADIUS request code 1
Apr 14 00:05:44 prd-was sshd[537431]: pam_radius_auth: DEBUG: get_ipaddr(.**..*) returned 0.
Apr 14 00:06:04 prd-was sshd[537431]: pam_radius_auth: RADIUS server (*...) failed to respond
Apr 14 00:06:24 prd-was sshd[537431]: pam_radius_auth: RADIUS server (.**..***) failed to respond
Apr 14 00:06:27 prd-was sshd[537431]: pam_radius_auth: Got RADIUS response code 2
Apr 14 00:06:27 prd-was sshd[537431]: pam_radius_auth: authentication succeeded
Hi Contributors
I got some problem with Pam_Radius_auth,
I configured, Server(pam_radius_auth) -> Microsoft NPS (With Azure MFA Extension)
Auth flow
Try to login pam_radius_auth sent request code 1-> MS NPS received request -> send to Azure MFA -> MS Authenticator Push -> MS NPS Radius -> Response code 2 -> pam_radius_auth Auth Success,
when user clicked MS Authenticator Push with out delay it works perfect
but when, MS Authenticator Push clicked Permit with few delays (about 3~5s ) & auth failed & retry Auth request (on pam_radius.conf timeout parameter 20) ---------- Logs -------------- Apr 14 00:05:41 prd-was sshd[537431]: pam_radius_auth: Got user name twyoun Apr 14 00:05:41 prd-was sshd[537431]: pam_radius_auth: ignore last_pass, force_prompt set Apr 14 00:05:44 prd-was sshd[537431]: pam_radius_auth: Sending RADIUS request code 1 Apr 14 00:05:44 prd-was sshd[537431]: pam_radius_auth: DEBUG: get_ipaddr(.**..*) returned 0. Apr 14 00:06:04 prd-was sshd[537431]: pam_radius_auth: RADIUS server (*...) failed to respond Apr 14 00:06:24 prd-was sshd[537431]: pam_radius_auth: RADIUS server (.**..***) failed to respond Apr 14 00:06:27 prd-was sshd[537431]: pam_radius_auth: Got RADIUS response code 2 Apr 14 00:06:27 prd-was sshd[537431]: pam_radius_auth: authentication succeeded