[Bug 2068729] Re: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol
Sergio Durigan Junior
2068729 at bugs.launchpad.net
Thu Nov 14 00:33:32 UTC 2024
I was finally able to reproduce it here, despite the lack of more
specific instructions.
$ lxc launch noble n-radius --vm
$ lxc shell n-radius
# apt update && apt install libpam-radius-auth
# vim /etc/pam.d/sudo
Add the following line to the file:
auth sufficient pam_radius_auth.so debug
# cat > /etc/pam_radius_auth.conf << _EOF_
127.0.0.1 secret 3
[::1] secret 3
_EOF_
# echo 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} ipv6.disable=1"' >> /etc/default/grub.d/99-disable-ipv6.cfg
# update-grub
# echo "ubuntu ALL=(ALL:ALL) ALL" > /etc/sudoers.d/support
# passwd ubuntu
Choose an easy password here, like "123".
Reboot the machine, and shell in again:
# su - ubuntu
# sudo true
Type the password, and see the crash.
Now, what I found is that this crash is unrelated to this bug. You can
reproduce it using the version of libpam-radius-auth that's currently in
the archive on Noble *and* Oracular. Plucky has a newer version of the
package, which I haven't tested.
I believe this crash deserves its own separate bug report, and should
probably be fixed before addressing this particular bug.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shadow in Ubuntu.
https://bugs.launchpad.net/bugs/2068729
Title:
pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not
supported by protocol
Status in libpam-radius-auth package in Ubuntu:
Triaged
Status in shadow package in Ubuntu:
Confirmed
Bug description:
New and fully updated 24.04 LTS with disabled IPv6 (The CISA secure
config states that IPv6 is to be disabled unless it's in use).
lsb_release -rd:
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
apt-cache policy libpam-radius-auth
libpam-radius-auth:
Installed: 2.0.1-1
Candidate: 2.0.1-1
Version table:
*** 2.0.1-1 500
500 http://au.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
100 /var/lib/dpkg/status
What you expected to happen:
Based on https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c, the pam_radius_auth module must support ipv6 and ipv4 options.
/etc/pam.d/sshd:
auth sufficient pam_radius_auth.so conf=/etc/pam_radius_auth.conf retry=3 ipv4=yes ipv6=no debug
What happened instead:
2024-06-07T22:07:57.499460+10:00 ubuntu sshd[584305]: pam_radius_auth: 2.0.1, built on Aug 19 2023 at 14:08:42
2024-06-07T22:07:57.499672+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv4=yes'
2024-06-07T22:07:57.499880+10:00 ubuntu sshd[584305]: pam_radius_auth: unrecognized option 'ipv6=no'
2024-06-07T22:07:57.500051+10:00 ubuntu sshd[584305]: pam_radius_auth: DEBUG: conf_file='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=3 localifdown=no client_id='' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
2024-06-07T22:07:57.500279+10:00 ubuntu sshd[584305]: pam_radius_auth: Got user name: 'test'
2024-06-07T22:07:57.502892+10:00 ubuntu sshd[584305]: pam_radius_auth: Failed to open RADIUS IPv6 socket: Address family not supported by protocol
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-radius-auth/+bug/2068729/+subscriptions
More information about the foundations-bugs
mailing list