
RADIUS authentication broken only returns operator level
Closed, Resolved | Public | BUG

Description

Using a basic RADIUS configuration will not enable admin-level but only keep operator level.

set system login radius server 172.16.100.10 key 'VyOSsecretVyOS'
set system login radius source-address '172.18.254.201'
Creating directory '/home/vyos_admin'.
Linux vyos 4.19.145-amd64-vyos #1 SMP Mon Sep 14 05:08:01 UTC 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
radius_user@vyos>

Logfiles

Sep 15 19:14:57 vyos sshd[2599]: pam_unix(sshd:session): session opened for user vyos_admin by (uid=0)
Sep 15 19:15:04 vyos sshd[2610]: Received disconnect from ::1 port 49004:11: disconnected by user
Sep 15 19:15:04 vyos sshd[2610]: Disconnected from user vyos_admin ::1 port 49004
Sep 15 19:15:04 vyos sshd[2599]: pam_unix(sshd:session): session closed for user vyos_admin

So the username is passed in correctly, but the shell is not spawned correctly. It used to work with 1.3-rolling-202008301049.

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202009140541
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

c-po updated the task description.
c-po updated the task description.
c-po changed the task status from Open to In progress. Sep 16 2020, 2:59 PM
c-po claimed this task.

Add a smoketest to check if the required config options are present in the kernel configuration to prevent this in the future.

c-po triaged this task as Unbreak Now! priority.
erkin set Issue type to Bug (incorrect behavior). Aug 29 2021, 1:05 PM
erkin removed a subscriber: Active contributors.