RADIUS authentication users do not work
set system login radius server 192.168.122.14 key 'vyos-secret'
RADIUS configuration:
clients
client ALL-DEVICES {
    secret = vyos-secret
    nastype = other
    ipaddr = 0.0.0.0/0
}
users
# User configuration
adminuser Cleartext-Password := "vyos"
    Service-Type = NAS-Prompt-User,
    Cisco-AVPair = "shell:priv-lvl=15"

ro Cleartext-Password := "vyos"
    Service-Type = NAS-Prompt-User,
    Cisco-AVPair = "shell:priv-lvl=1"
Log:
Jan 06 17:02:42 r14 sshd[5642]: Invalid user adminuser from 192.168.122.1 port 32782
Jan 06 17:02:44 r14 sshd[5642]: pam_unix(sshd:auth): check pass; user unknown
Jan 06 17:02:44 r14 sshd[5642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.122.1
Jan 06 17:02:46 r14 sshd[5642]: Failed password for invalid user adminuser from 192.168.122.1 port 32782 ssh2
Jan 06 17:03:27 r14 sshd[5650]: Invalid user ro from 192.168.122.1 port 51042
Jan 06 17:03:30 r14 sshd[5650]: pam_unix(sshd:auth): check pass; user unknown
Jan 06 17:03:30 r14 sshd[5650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.122.1
Jan 06 17:03:31 r14 sshd[5650]: Failed password for invalid user ro from 192.168.122.1 port 51042 ssh2
RADIUS server logs:
Mon Jan 6 15:02:43 2025 : Auth: (19) Login incorrect (pap: Cleartext password does not match "known good" password): [adminuser/? ?] (from client ALL-DEVICES port 5642 cli 192.168.122.1)
Mon Jan 6 15:03:29 2025 : Auth: (20) Login incorrect (pap: Cleartext password does not match "known good" password): [ro/? ?] (from client ALL-DEVICES port 5650 cli 192.168.122.1)
On the rolling release, SSH works fine with the same RADIUS server:
Jan 06 15:05:27 vpp-left sshd[7753]: Accepted password for adminuser from 192.168.122.1 port 60174 ssh2
Jan 06 15:05:27 vpp-left sshd[7753]: pam_unix(sshd:session): session opened for user adminuser(uid=1001) by (uid=0)
Jan 06 15:05:27 vpp-left systemd-logind[861]: New session 18 of user adminuser.
Jan 06 15:05:27 vpp-left systemd[1]: Started session-18.scope - Session 18 of User adminuser.
Jan 06 15:05:27 vpp-left systemd[1]: opt-vyatta-config-tmp-new_config_7757.mount: Deactivated successfully.
Jan 06 15:05:27 vpp-left sshd[7753]: pam_env(sshd:session): deprecated reading of user environment enabled