AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only
  • 1.  sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 23 days ago

    sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so



    ------------------------------
    SIRISHA BEZAWADA
    ------------------------------


  • 2.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 20 days ago

    Hi Sirisha, any more context on what you're trying to do, what product is responsible for this module, etc?



    ------------------------------
    Hrithik Govardhan
    Senior Engineer
    Rocket Software
    MN
    ------------------------------



  • 3.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 19 days ago
    Hello Hrithik,

    Its related MFA configuration using radius server.

    We suspect some library files missed, could you please share steps how install yum or dnf in AIX server.
    Its a AIX 7.2 TL5 SP8 server

    Thanks & Regards,
    Sirisha.





  • 4.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 16 days ago

    Hi Sirisha,

    please execute the following command and paste the output:

    ldd /usr/lib/security/pam_radius_auth.so


    ------------------------------
    Andrey Klyachkin

    https://www.power-devops.com
    ------------------------------



  • 5.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 18 days ago

    hi Hrithik,

    could you please see my query and share your response.



    ------------------------------
    SIRISHA BEZAWADA
    ------------------------------



  • 6.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 17 days ago

    Hi Sirisha-  Unfortunately, I would need more details on the client side application you are trying to install - this module is not part of the PowerSC MFA installer - is this another product that you are testing?



    ------------------------------
    Hrithik Govardhan
    Senior Engineer
    Rocket Software
    MN
    ------------------------------



  • 7.  RE: sshd: PAM: load_modules: can not open module /usr/lib/security/pam_radius_auth.so

    Posted 17 days ago
    Hi Hrithik,

    Its related to MFA authentication using free-radius configuration.

    bash-4.2# pwd
    /tmp/FreeRadius
    bash-4.2# ls -ltr
    total 504
    -rw-r--r--    1 root     system       188654 Jun 12 15:48 freeradius-pam-2.0.0-1.src.rpm
    -rw-r--r--    1 root     system        64052 Jun 12 16:12 freeradius-pam-2.0.0-1.aix7.1.ppc.rpm
    bash-4.2# rpm -ivh freeradius-pam-2.0.0-1.aix7.1.ppc.rpm
    bash-4.2# ls -ltr /usr/lib/security/pam_radius_auth.so
    -rwxr-xr-x    1 root     system       133483 Mar 25 2022  /usr/lib/security/pam_radius_auth.so
    bash-4.2#
    Configuring pam
    On the client Node, to configure the client to authenticate with the pam server the corresponding server node details have to be provided in the below file in the required format.
    bash-4.2# cat /etc/raddb/server
    10.210.128.14:1645  Unix-BigDog12!      60
    10.209.211.22:1645  Unix-BigDog12!      60
    172.23.36.4:1645    Unix-BigDog12!      60
    bash-4.2#
     
    # /etc/pam.conf  "Added these new lines"
    bash-4.2# tail -5f /etc/pam.conf
    sshd auth sufficient /usr/lib/security/pam_radius_auth.so
    sshd account required /usr/lib/security/pam_aix
    sshd password required /usr/lib/security/pam_aix
    sshd session required /usr/lib/security/pam_aix
    bash-4.2#
     
    # /etc/security/login.cfg   "Changed the type of auth_type from STD_AUTH to PAM_AUTH"
    bash-4.2# tail -8f /etc/security/login.cfg
    usw:
            shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd
            maxlogins = 32767
            logintimeout = 60
            maxroles = 8
            auth_type = PAM_AUTH
            pwd_algorithm = ssha256
    bash-4.2#
     
    # /etc/ssh/sshd_config    "Changed the below attributes"
     
    PasswordAuthentication no
    PermitEmptyPasswords no
    UsePrivilegeSeparation no
    ChallengeResponseAuthentication yes
    UsePAM yes
     
    Once the above changes are made, restarted the sshd service.
    stopsrc -s sshd
    startsrc -s sshd
    Note: We have followed same process another servers also and it is working fine, but facing in in this server only.


    Thanks & Regards,
    Sirisha.