use gluu radius for ssh authentication on linux

By: chao li user 15 Mar 2022 at 6 a.m. CDT

1 Response
chao li gravatar
/opt/gluu/jetty/oxauth/logs/2022_03_15.jetty.log INFO [qtp2085002312-14] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1701.f04365b1-a7df-4981-9afd-73dd04d3d3be' 2022-03-15 10:33:48,823 ERROR [qtp2085002312-14] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:465) - Failed to authenticate DN: CN=??,OU=AADDC Users,DC=ad,DC=yogorobot,DC=cloud org.gluu.persist.exception.AuthenticationException: Failed to authenticate DN: CN=??,OU=AADDC Users,DC=ad,DC=yogorobot,DC=cloud Caused by: com.unboundid.ldap.sdk.LDAPException: Simple bind operations are not allowed to contain a bind DN without a password. cat /opt/gluu/radius/logs/gluu-radius.log [DEBUG] 2022-03-15 10:42:18.505 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: { "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.", "error": "invalid_client"
Gluu 4.3 Ubuntu 18.04
closed

Answers

By chao li user 15 Mar 2022 at 8:27 a.m. CDT

Copy
chao li gravatar
hi,I installed libpam-radius-auth on ubuntu 18.04 to test gluu-raduis. The configuration i did: /etc/pam_radius_auth.conf ``` gluuServerIP secret timout ``` Is the value of secret the value of the gluu console radius clents secret? /etc/ssh/sshd_config ``` ChallengeResponseAuthentication yes UsePAM yes ``` /etc/pam.d/sshd ``` auth sufficient pam_radius_auth.so ``` the gluu-radius log file: /opt/gluu/radius/logs/gluu-radius.log ``` [DEBUG] 2022-03-15 10:42:18.505 [Radius Auth Listener] SuperGluuAuthClient - SuperGluu initial auth failed. Response: { "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client.", "error": "invalid_client" } ``` /opt/gluu/jetty/oxauth/logs/2022_03_15.jetty.log ``` INFO [qtp2085002312-14] [org.gluu.oxauth.auth.Authenticator] (Authenticator.java:278) - Authentication success for Client: '1701.f04365b1-a7df-4981-9afd-73dd04d3d3be' 2022-03-15 10:33:48,823 ERROR [qtp2085002312-14] [org.gluu.oxauth.service.AuthenticationService] (AuthenticationService.java:465) - Failed to authenticate DN: CN=??,OU=AADDC Users,DC=ad,DC=yogorobot,DC=cloud org.gluu.persist.exception.AuthenticationException: Failed to authenticate DN: CN=??,OU=AADDC Users,DC=ad,DC=yogorobot,DC=cloud at org.gluu.persist.ldap.impl.LdapEntryManager.authenticate(LdapEntryManager.java:747) ~[gluu-orm-ldap-4.3.1.Final.jar:?] at org.gluu.oxauth.service.AuthenticationService.authenticateImpl(AuthenticationService.java:438) ~[classes/:?] Caused by: com.unboundid.ldap.sdk.LDAPException: Simple bind operations are not allowed to contain a bind DN without a password. ```

Post an answer