Page MenuHomeVyOS Platform

[RADIUS] - Reverse DNS Lookup Failing
Open, Requires assessmentPublicBUG

Description

It looks like when an IPv6 RADIUS server is configured, PAM fails to perform reverse DNS lookups. This doesn't appear to be causing actual problems in my case, but it may be failing silently since I include both IPv4 and IPv6 RADIUS configurations:

Oct 09 17:07:18 sudo[18593]: pam_unix(sudo:session): session opened for user root by trae(uid=0)
Oct 09 17:07:18 sudo[18593]: pam_radius_auth(sudo:session): Failed looking up source IP address [fd52:d62e:8011 for server [fd52:d62e:8011:ffff:192:168:255:2]:1812 (error=Name or service not known)
Oct 09 17:07:18 sudo[18593]: pam_radius_auth(sudo:session): Failed looking up source IP address [fd52:d62e:8011 for server [fd52:d62e:8011:23e3:192:168:63:4]:1812 (error=Name or service not known)
Oct 09 17:07:18 sudo[18593]: pam_radius_auth(sudo:session): Failed looking up source IP address [fd52:d62e:8011 for server [fd52:d62e:8011:13d0:192:168:31:4]:1812 (error=Name or service not known)

The DNS entry exists:

trae@cr01a-vyos# dig -x fd52:d62e:8011:ffff:192:168:255:2 | grep '3600 IN PTR'
2.0.0.0.5.5.2.0.8.6.1.0.2.9.1.0.f.f.f.f.1.1.0.8.e.2.6.d.2.5.d.f.ip6.arpa. 3600 IN PTR ntp01.ac.trae32566.org.

Here's the configuration:

trae@cr01a-vyos# run show conf com | grep 'set system login radius'
set system login radius server 192.168.31.4 key 'MYKEY123'
set system login radius server 192.168.63.4 key 'MYKEY123'
set system login radius server 192.168.255.2 key 'MYKEY123'
set system login radius server fd52:d62e:8011:13d0:192:168:31:4 key 'MYKEY123'
set system login radius server fd52:d62e:8011:23e3:192:168:63:4 key 'MYKEY123'
set system login radius server fd52:d62e:8011:ffff:192:168:255:2 key 'MYKEY123'
set system login radius source-address '192.168.253.14'
set system login radius source-address 'fd52:d62e:8011:fffe:192:168:253:14'

Details

Difficulty level
Unknown (require assessment)
Version
1.3-beta-202110060342
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)