Closed repl-mike-roest closed 3 months ago
Confirming same issue as @repl-mike-roest Will need to use https://github.com/FreeRADIUS/pam_radius/commit/8d373539bb9f13b0abfe8bcae0095a930a00fad0 in a strict ipv4 environment.
I believe this is fixed in the latest version. Can you please try again?
Hi @alandekok
Building with latest code, I was able to use auth sufficient pam_radius_auth.so ipv6=no No thread crash and was able to use radius server as 2FA check.
Thanks! I think this issue is closed.
We've been using pam_radius for a long time on Ubuntu 18.04 with no problems. Due to 18.04 being EOL we're working on upgrading to 22.04. 22.04 includes pam_radius 2.0.0. Due to CIS benchmarks we have ipv6 disabled on our machines and so originally we hit the issue described here: https://github.com/FreeRADIUS/freeradius-server/issues/4397
Using the suggestion from @alandekok in https://github.com/FreeRADIUS/freeradius-server/issues/4397#issuecomment-1458869392 I pulled down the current master of pam_radius 77da6f50 and built the debian package locally. Now we're getting passed the IPV6 issue but now I'm hitting: the following error (this happens on a machine with IPV6 enabled or disabled)
On the same machine with IPV6 enabled if I use the ubuntu included 2.0.0 the authentication works as expected:
Next I've checked out the commit 8d373539 where the support was originally added and again I can successfully authenticate
So it seems like somewhere between 8d373539 and 77da6f50 there was a crasher introduced. I'm going to move forward using the module built from 8d373539 but I thought I would report the issue.