Page MenuHomeVyOS Platform

RADIUS authentication broken only returns operator level
Closed, ResolvedPublicBUG


Using a basic RADIUS configuration will not enable admin-level but only keep operator level.

set system login radius server key 'VyOSsecretVyOS'
set system login radius source-address ''
Creating directory '/home/vyos_admin'.
Linux vyos 4.19.145-amd64-vyos #1 SMP Mon Sep 14 05:08:01 UTC 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.


Sep 15 19:14:57 vyos sshd[2599]: pam_unix(sshd:session): session opened for user vyos_admin by (uid=0)
Sep 15 19:15:04 vyos sshd[2610]: Received disconnect from ::1 port 49004:11: disconnected by user
Sep 15 19:15:04 vyos sshd[2610]: Disconnected from user vyos_admin ::1 port 49004
Sep 15 19:15:04 vyos sshd[2599]: pam_unix(sshd:session): session closed for user vyos_admin

So the username is passed in correctly, but the shell is not spawn correctly. It used to work with 1.3-rolling-202008301049


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)
c-po changed the task status from Open to In progress.Sep 16 2020, 2:59 PM
c-po claimed this task.

Add a smoketest to check if the required config options are present in the kernel configuration to prevent this in the future.

c-po triaged this task as Unbreak Now! priority.
erkin set Issue type to Bug (incorrect behavior).Aug 29 2021, 1:05 PM
erkin removed a subscriber: Active contributors.