Need Help - pam_radius

Fri Mar 9 18:09:23 UTC 2007

Hi Community,

I hope that i send this mail to the rigth place.

I'm trying to make authentication using the pam_radius, but i have
some issues that i don't know if it possible to manage.

Is that possible to configure this module to send also other
attributes like "Calling-Station-Id" on the request authentication?
I was google around and didn't find any way how to do it.

Second, after a successful authentication i want to send accounting
information to the server but to the server, the messages "acct-start"
and "acct-stop", but is not working in order to control a PIX firewall
to open and close access to the authenticated user.

At this moment i can authenticate users by ssh but is not sending the
"acct-start" and "acct-stop".

On the log's a receive the following messages:

Mar  9 17:33:31 marte sshd[1237]: Accepted keyboard-interactive/pam
for xmario from 192.168.1.2 port 52923 ssh2
Mar  9 17:33:32 marte sshd[1239]: in openpam_dispatch():
pam_radius.so: no pam_sm_open_session()
Mar  9 17:34:31 marte su: xmario to root on /dev/ttyp0

I'm using FreeBSD 5.4 and i manage the following configuration files:

/etc/radius.conf
auth 10.10.10.1:1812 secret 10
acct 10.10.10.1:1813 secret 10

/etc/pam.d/sshd
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth            required        pam_nologin.so
auth            required        pam_radius.so

# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_radius.so
session         required        pam_permit.so

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass

Kind Regards
Mario