NPS and RHEL ssh configuration

Subodh asked:

We have set up Windows NPS and a RHEL RADIUS client using the pam_radius module from freeradius.org for ssh. But on a Linux client I see the error pam_radius_auth: Got RADIUS response code 3 in /var/log/secure. Code 3 means Access Rejected, but when I tested from a Windows client using a RADIUS testing tool, the connection was successful and I got code 2, which means Access granted. In the NPS log I am getting the below:

<Event>
 <Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
 <Computer-Name data_type="1">MYADDomainController</Computer-Name>
 <Event-Source data_type="1">IAS</Event-Source>
 <User-Name data_type="1">MYlinuxuser</User-Name>
 <NAS-Identifier data_type="1">sshd</NAS-Identifier>
 <NAS-Port data_type="0">3360</NAS-Port>
 <NAS-Port-Type data_type="0">5</NAS-Port-Type>
 <Service-Type data_type="0">8</Service-Type>
 <Calling-Station-Id data_type="1">MYWindowsClientIP</Calling-Station-Id>
 <Client-IP-Address data_type="3">MYMyLinuxRadiusClientNameInNPSIP</Client-IP-Address>
 <Client-Vendor data_type="0">0</Client-Vendor>
 <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
 <Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
 <Provider-Type data_type="0">1</Provider-Type>
  <SAM-Account-Name data_type="1">MyDomainNameMYlinuxuser</SAM-Account-Name>
  <Fully-Qualifed-User-Name data_type="1">MyDomainNameMYlinuxuser</Fully-Qualifed-User-Name>
  <Class data_type="1">311 1 MyRadiusServer 07/04/2015 05:14:52 15</Class>
  <Authentication-Type data_type="0">1</Authentication-Type>
  <Packet-Type data_type="0">1</Packet-Type>
  <Reason-Code data_type="0">0</Reason-Code>
  </Event>
<Event>
  <Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
  <Computer-Name data_type="1">MYADDomainController</Computer-Name>
  <Event-Source data_type="1">IAS</Event-Source>
  <Class data_type="1">311 1 MyRadiusServer 07/04/2015 05:14:52 15</Class>
  <Authentication-Type data_type="0">1</Authentication-Type>
  <Fully-Qualifed-User-Name data_type="1">MyDomainNameMYlinuxuser</Fully-Qualifed-User-Name>
  <SAM-Account-Name data_type="1">MyDomainNameMYlinuxuser</SAM-Account-Name>
  <Provider-Type data_type="0">1</Provider-Type>
  <Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name>
  <Client-IP-Address data_type="3">MYMyLinuxRadiusClientNameInNPSIP</Client-IP-Address>
  <Client-Vendor data_type="0">0</Client-Vendor>
  <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
  <Packet-Type data_type="0">3</Packet-Type>
  <Reason-Code data_type="0">16</Reason-Code>
</Event>

In the Windows event viewer under NPS I don't see any errors. What am I missing in NPS?

My answer:


The reason code given in your event log is 16, which is unambiguous:

Authentication failed due to a user credentials mismatch. Either the user name provided does not match an existing user account or the password was incorrect.
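
An added example, not part of the original question or answer: a Python script that reads NPS XML-format log text like the events above and reports each Access-Reject with its Reason-Code decoded. The function names and the trimmed sample log are constructed here from the events in the question, and only the reason codes that appear on this page (0 and 16) are mapped.

```python
import xml.etree.ElementTree as ET

ACCESS_REJECT = 3  # Packet-Type 3 is the "response code 3" pam_radius reports

# Only the reason codes seen on this page; others are reported by number.
REASONS = {
    0: "success",
    16: "user credentials mismatch (unknown user name or wrong password)",
}

def parse_events(log_text):
    """Yield one dict per <Event>. The log has no root element, so add one."""
    root = ET.fromstring("<Log>" + log_text + "</Log>")
    for event in root.iter("Event"):
        yield {child.tag: (child.text or "").strip() for child in event}

def rejected_logins(log_text):
    """Return one summary dict for every Access-Reject event in the log."""
    findings = []
    for ev in parse_events(log_text):
        if int(ev.get("Packet-Type") or -1) != ACCESS_REJECT:
            continue
        code = int(ev.get("Reason-Code") or -1)
        findings.append({
            "time": ev.get("Timestamp"),
            # The reject event carries SAM-Account-Name, not User-Name.
            "user": ev.get("SAM-Account-Name") or ev.get("User-Name"),
            "client": ev.get("Client-Friendly-Name"),
            "reason_code": code,
            "reason": REASONS.get(code, "unlisted reason code %d" % code),
        })
    return findings

# Constructed sample: the two events from the question, trimmed to a few fields.
SAMPLE_LOG = """
<Event><Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
 <User-Name data_type="1">MYlinuxuser</User-Name>
 <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
 <Packet-Type data_type="0">1</Packet-Type>
 <Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">07/04/2015 10:21:02.913</Timestamp>
 <SAM-Account-Name data_type="1">MyDomainNameMYlinuxuser</SAM-Account-Name>
 <Client-Friendly-Name data_type="1">MyLinuxRadiusClientNameInNPS</Client-Friendly-Name>
 <Packet-Type data_type="0">3</Packet-Type>
 <Reason-Code data_type="0">16</Reason-Code></Event>
"""

if __name__ == "__main__":
    for f in rejected_logins(SAMPLE_LOG):
        print("%(time)s %(user)s via %(client)s: %(reason)s" % f)
```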


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.