Page MenuHomeVyOS Platform

RADIUS usersname is not shown on CLI
Open, LowPublicBUG

Description

Logging in as a RADIUS user works but the username is not revealed on the CLI.

Linux vyos 5.10.33-amd64-vyos #1 SMP Sat May 1 16:54:52 UTC 2021 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
radius_user@vyos:~$

But environemnt variables are setup properly

radius_user@LR1.wue3:~$ id
uid=1000(radius_user) gid=1000(radius_users) groups=1000(radius_users),4(adm),6(disk),27(sudo),30(dip),100(users),105(vyattacfg),115(frrvty)
radius_user@LR1.wue3:~$ echo $HOME
/home/foo_admin
radius_user@LR1.wue3:~$ echo $USER
foo_admin

Problem only exists on current branch. equuleus is not AFFECTED

Root cause is the RADIUS users are not mapped to radius_priv_userbut instead are mapped to radius_user

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202105020940
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po triaged this task as Low priority.
c-po created this task.
c-po changed the status of subtask T3511: Update libnss-mapuser and libpam-radius packages from CUMULUS Linux from Open to In progress.
Viacheslav added a subscriber: Viacheslav.

Re-opened, the same bug in VyOS 1.4-rolling-202109300217

sever@sever:~/docker$ ssh user@192.168.122.11

Last login: Mon Oct 11 16:21:37 2021 from 192.168.122.1
radius_user@r1-roll> 

radius_user@r1-roll> id
uid=1000(radius_user) gid=106(vyattaop) groups=106(vyattaop),4(adm),30(dip),37(operator),100(users),116(frrvty)
radius_user@r1-roll> 


radius_user@r1-roll> cat /run/mapuser/33
2021-10-11T16:22:31.679829
user=user
pid=10438
auid=1000
session=33
privileged=no
radius_user@r1-roll>

@c-po in 1.3.0-epa1 works fine.

sever$ ssh vyosuser@192.168.122.14

vyosuser@r4-epa1> 
vyosuser@r4-epa1> 
vyosuser@r4-epa1> exit

P.S. for tests radius server was used as a container:

set container name radius allow-host-networks
set container name radius image 'dchidell/radius-web'