i have a problem about configuring the “/etc/pam.d/radiusd” file.
I am working on a Linux Debian System.
rn this is my configuration:
auth requisite pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
account required pam_unix.so audit
account required pam_permit.so
the goal is at the end, users just type their username, password and the google token. (this information will be typed in Cisco any connect for the purpose to authenticate users for the VPN)
maybe the pam_unix.so line is not right atm because I am testing the local, root user with a given cleartext password. (actually I will need to connect freeradius to active directory, where the stored users and their passwords would be. idk if that is relevant at this point, regarding changes to the pam.d/radiusd rules.)
freeradius recognizes and splits the cleartext password and the token, as I wrote it in the /etc/freeradius/3.0/policy.d/filter file like here:
https://sysopstechnix.com/enable-2fa-on-freeradius-with-openldap-users/#:~:text=9-,filter_google_otp,-%7B
but somehow i get the error message: “pam: ERROR: pam_authenticate failed: Authentication failure”
my radtest login request
and
here is the response of the server, $ freeradius -X
Pam is enabled, /etc/freeradius/3.0/mods-enabled
I tried to find similar configurations etc. and this is now the last instance to ask if someone could help here and also, this is my first ever question on here :)
The answer would incredibly help me, maybe there is someone who experienced this...
If I can provide any further information I'm here!
