[Bug 2068729] Re: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

Real Ursus 2068729 at bugs.launchpad.net
Fri Jun 7 12:47:46 UTC 2024 

Please note that 
"git clone https://github.com/FreeRADIUS/pam_radius
cd pam_radius
make deb && dpkg -i ../libpam-radius-auth_2.0.1_amd64.deb"
is working as expected:
2024-06-07T22:45:13.395293+10:00 sydvpn01 sshd[1457]: pam_radius_auth: 2.0.1 DEVELOPER BUILD -  (git #d802da75), built on Jun  7 2024 at 12:38:28
2024-06-07T22:45:13.395508+10:00 sydvpn01 sshd[1457]: pam_radius_auth: _pam_parse: argv[0] = 'conf=/etc/pam_radius_auth.conf'
2024-06-07T22:45:13.395585+10:00 sydvpn01 sshd[1457]: pam_radius_auth: _pam_parse: argv[1] = 'retry=3'
2024-06-07T22:45:13.395642+10:00 sydvpn01 sshd[1457]: pam_radius_auth: _pam_parse: argv[2] = 'ipv4=yes'
2024-06-07T22:45:13.395709+10:00 sydvpn01 sshd[1457]: pam_radius_auth: _pam_parse: argv[3] = 'ipv6=no'
2024-06-07T22:45:13.395809+10:00 sydvpn01 sshd[1457]: pam_radius_auth: _pam_parse: argv[4] = 'debug'
2024-06-07T22:45:13.395968+10:00 sydvpn01 sshd[1457]: pam_radius_auth: DEBUG: conf='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no



** Description changed:

  New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure
  config states that IPv6 is to be disabled unless it's in use).
  
  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04 LTS
  Release:        24.04
  
  apt-cache policy libpam-radius-auth
  libpam-radius-auth:
-   Installed: 2.0.1-1
-   Candidate: 2.0.1-1
-   Version table:
-  *** 2.0.1-1 500
-         500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
-         100 /var/lib/dpkg/status
+   Installed: 2.0.1-1
+   Candidate: 2.0.1-1
+   Version table:
+  *** 2.0.1-1 500
+         500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
+         100 /var/lib/dpkg/status
  
  What you expected to happen:
- Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c module must support ipv6 and ipv4 options.
+ Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the pam_radius_auth module must support ipv6 and ipv4 options.
  
  /etc/pam.d/sshd:
  auth       sufficient   pam_radius_auth.so  conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug
- 
  
  What happened instead:
  2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
  2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
  2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
  2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
  2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
  2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2068729

Title:
  pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not
  supported by protocol

Status in shadow package in Ubuntu:
  New

Bug description:
  New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure
  config states that IPv6 is to be disabled unless it's in use).

  lsb_release -rd:
  No LSB modules are available.
  Description:    Ubuntu 24.04 LTS
  Release:        24.04

  apt-cache policy libpam-radius-auth
  libpam-radius-auth:
    Installed: 2.0.1-1
    Candidate: 2.0.1-1
    Version table:
   *** 2.0.1-1 500
          500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
          100 /var/lib/dpkg/status

  What you expected to happen:
  Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the pam_radius_auth module must support ipv6 and ipv4 options.

  /etc/pam.d/sshd:
  auth       sufficient   pam_radius_auth.so  conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug

  What happened instead:
  2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
  2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
  2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
  2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
  2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
  2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2068729/+subscriptions

More information about the foundations-bugs mailing list