[squid-users] Strange problem in PAM authentication of squid users

From: Dr. Muhammad Masroor Ali <mmasroorali@dont-contact.us>
Date: Thu, 01 Aug 2002 09:12:25 +0600

Greetings,
I have spent the last few days on this problem without any
success. I
have searched the whole Internet, read all the FAQs and mailing
list
and done everything conceivable (imaginable) but all else have
failed.

I am trying to use pam_radius_auth
(http://www.freeradius.org/pam_radius_auth/)
with squid. The authentication program pam_auth (Henrik
Nordstrom) works perfectly when I use
system authentication. But when I switch to pam_radius_auth,
messages
from radius says the user is being authenticated perfectly, while
squid
thinks otherwise.

My squid file in pam.d (as was suggested in INSTALL)

auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_radius_auth.so debug
auth required /lib/security/pam_unix_auth.so

There is no indication of a mishap in the log file. Added this
line to syslog.conf,
daemon.debug /var/log/daemondebuglog. But no debug related
message appears here. Though other daemon messages do get
written.

radiusd is being run is debug mode, and the relevant last lines
are,

rad_recv: Access-Request packet from host 127.0.0.1:5814, id=182,
length=78
        User-Name = "radtest"
        User-Password =
"\342\031$\227<\002G\202\364\263fSK\003\305~"
        NAS-IP-Address = 127.0.0.1
        NAS-Identifier = "squid"
        NAS-Port = 4789
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only

<snip>

Sending Access-Accept of id 182 to 127.0.0.1:5814
Finished request 10
Going to the next request

See that line with Access-Accept!!!

Another strange thing is each auth request from browser is
generating three requests for radius. Two for the previous user
who tried to authenticate, one for the current user. So each
browsing request starts with an authentication failure report
(authentication failed, retry? Yes/No).

I have even tried running squid in debug mode, but nothing is
said there.

Other relevant informations,

Red Hat 7.3,
Squid 2.4.STABLE6
freeradius-0.7
pam_radius-1.3.15

What is it I am missing? Any help will be highly appreciated.
Even I would like suggestions on how to better debug the problem.

--
Nobody's gonna believe that computers are intelligent until they start
coming in late and lying about it.
Dr. Muhammad Masroor Ali
Associate Professor and Associate Director
Institute of Information and Communication Technology
Bangladesh University of Engineering and Technology
Dhaka-1000, Bangladesh
Phone: 880 2 966 5650 ext 7245, 7756 (work)
                      ext 7748 or 880 2 966 5700 (residence)
FAX: 880 2 861 3046, 880 2 861 3026
Received on Wed Jul 31 2002 - 21:12:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:25 MST