Page MenuHomeVyOS Platform

PAM RADIUS freezing when accounting does not configured on RADIUS server
Closed, ResolvedPublicBUG

Assigned To
None
Authored By
Unknown Object (User)
Jan 6 2021, 1:29 PM
Referenced Files
F4154507: image.png
Jan 11 2024, 6:09 AM
F4154504: image.png
Jan 11 2024, 6:09 AM
F4154502: image.png
Jan 11 2024, 6:09 AM
F4154496: image.png
Jan 11 2024, 6:09 AM
Tokens
"Like" token, awarded by trae32566.

Description

When we have a RADIUS server with a configured accounting port instead of 1813 or not configured at all, CLI always be freezing. pam_radius get accounting port from /etc/services.
Will be good to have the possibility to disable pam radius accounting to prevent this issue.

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202101060217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Related Objects

Event Timeline

Unknown Object (User) created this task.Jan 6 2021, 1:29 PM

Maybe disable sent "accounting messages" by default and enable it as a configuration option explicitly?

dmbaturin set Issue type to Unspecified (please specify).

Tested in VyOS 1.4.0-rc1 , VyOS 1.3.5 and VyOS 1.5-rolling-202401030023
The configuration
VyOS 1.4.0-rc1:

set interfaces ethernet eth0 address '10.55.8.241/24'
set service ssh
set system login radius server 10.55.8.21 key 'testing123'
set system login radius server 10.55.8.21 port '1812'
set system login radius server 10.55.8.21 timeout '5'
set system login radius source-address '10.55.8.241'

VyOS 1.3.5:

set interfaces ethernet eth0 address '10.55.8.242/24'
set service ssh
set system login radius server 10.55.8.21 key 'testing123'
set system login radius server 10.55.8.21 port '1812'
set system login radius server 10.55.8.21 timeout '5'
set system login radius source-address '10.55.8.242'

VyOS 1.5-rolling-202401030023:

set interfaces ethernet eth0 address '10.55.8.243/24'
set service ssh
set system login radius server 10.55.8.21 key 'testing123'
set system login radius server 10.55.8.21 port '1812'
set system login radius server 10.55.8.21 timeout '5'
set system login radius source-address '10.55.8.243'

In RADIUS server side server does not listen to port 1813 only 1812

image.png (143×942 px, 15 KB)

Testing:

image.png (436×723 px, 44 KB)

image.png (473×660 px, 45 KB)

image.png (472×873 px, 57 KB)

Works as expected the CLI does not freeze