Page MenuHomeVyOS Platform

RADIUS authentication broken only returns operator level
Closed, ResolvedPublicBUG

Description

Using a basic RADIUS configuration will not enable admin-level but only keep operator level.

set system login radius server 172.16.100.10 key 'VyOSsecretVyOS'
set system login radius source-address '172.18.254.201'
Creating directory '/home/vyos_admin'.
Linux vyos 4.19.145-amd64-vyos #1 SMP Mon Sep 14 05:08:01 UTC 2020 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
radius_user@vyos>

Logfiles

Sep 15 19:14:57 vyos sshd[2599]: pam_unix(sshd:session): session opened for user vyos_admin by (uid=0)
Sep 15 19:15:04 vyos sshd[2610]: Received disconnect from ::1 port 49004:11: disconnected by user
Sep 15 19:15:04 vyos sshd[2610]: Disconnected from user vyos_admin ::1 port 49004
Sep 15 19:15:04 vyos sshd[2599]: pam_unix(sshd:session): session closed for user vyos_admin

So the username is passed in correctly, but the shell is not spawn correctly. It used to work with 1.3-rolling-202008301049

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202009140541
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po created this task.Tue, Sep 15, 5:03 PM
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)Tue, Sep 15, 5:16 PM
c-po updated the task description. (Show Details)
pasik added a subscriber: pasik.Tue, Sep 15, 7:19 PM
c-po changed the task status from Open to In progress.Wed, Sep 16, 2:59 PM
c-po claimed this task.
c-po added a comment.Wed, Sep 16, 3:02 PM

Add a smoketest to check if the required config options are present in the kernel configuration to prevent this in the future.

c-po closed this task as Resolved.Wed, Sep 16, 4:56 PM
c-po triaged this task as Unbreak Now! priority.