Improper Default Shell for Newly Created User using RADIUS Authentication

[amazor]

Set-up

Sonic_DUT (10.1.1.1) connected to FreeRadius Server (10.1.1.2)

Client Configurations (SONiC 202405)

config radius add 10.1.1.2 -a pap -k mySecret
config radius nasip 10.1.1.1
config aaa authentication login radius local
config aaa authentication failthrough enable

Server Configurations (FreeRadius 3.0.26)

Edit /etc/freeradius/3.0/users Add a new user at the top of the file: testuser Cleartext-Password := "testuser"

Edit /etc/freeradius/3.0/client.conf Add a new client with it’s ipaddress and secret key

client Sonic_DUT {
        ipaddr = 10.1.1.1
        secret = mySecret
}

Steps to Reproduce

1. Verify "testuser" does not exist in /etc/passwd

2. Attempt to login with "testuser" for first time using Console

sonic login: testuser
Password:
Linux sonic 6.1.0-11-2-amd64 #1
Debian GNU/Linux 12 sonic ttyS0

sonic login:

Can see that the user succeeds, but is immediately booted

3. Check /etc/passwd and see that user is created with non-existent shell as default process

testuser:x:1001:1006:testuser:/home/testuser:/usr/bin/sonic-launch-shell

Describe the results you received:

In RADIUS authentication through Console (with non-existent user in DUT), the client is succesfully authenticated using RADIUS, and a user will be created, but the default shell is incorrect. The "/usr/bin/sonic-launch-shell" application does not exist. This results in the user being logged-in and booted immediately.

Describe the results you expected:

The newly created user should have a working shell (such as /usr/bin/bash) with the proper permission. The user will be able to login.

[shdasari]

Hi,

This issue is a duplicate of https://github.com/sonic-net/sonic-buildimage/issues/11352. You can pick the fix for this issue from https://github.com/sonic-net/sonic-buildimage/pull/14466 and that should solve the issue.