Support Center > Search Results > SecureKnowledge Details
RADIUS users cannot login over SSH to Gaia OS Technical Level
Symptoms
  • RADIUS users cannot login over SSH to Gaia OS.

  • /var/log/messages file shows:
    sshd[PID]: pam_radius_auth: Got response from RADIUS server
    sshd[PID]: Accepted password for User_Name from IP_Address port Port_Number ssh2
    cp_radius_helper_1: Non-local user 'User_Name' given role 'radius-group-any' (if that exists)
    cp_radius_helper_1: Can't handle ':' or '\' in role name 'radius-group-CACS:acs-server/143326967/86' for user User_Name
    xpand[PID]: admin localhost t +volatile:mrma:users:user:User_Name:role:radius-group-any:domainname:default t
    xpand[PID]: admin localhost t +volatile:mrma:users:user:User_Name:role:radius-group-any t
    xpand[PID]: admin localhost t +volatile:mrma:users:user:User_Name t
    xpand[PID]: admin localhost t +volatile:mrma:users:user:User_Name:access_mechanism:CLI t
    xpand[PID]: admin localhost t +volatile:mrma:users:user:User_Name:access_mechanism:Web t
    xpand[PID]: admin localhost t +volatile:ppid:PID 0
    xpand[PID]: admin localhost t +volatile:pid:PID User_Name
    xpand[PID]: admin localhost t +volatile:mrma:users:user:User_Name:pid PID
    sshd[PID]: shaham dbg: regular-user User_Name uid is set to 96
    sshd[PID]: pam_keyinit(sshd:session): Unable to change GID to 100 temporarily
    sshd[PID]: pam_keyinit(sshd:session): Unable to change GID to 100 temporarily
    sshd[PID]: pam_unix(sshd:session): session opened for user User_Name by (uid=96)
    sshd[PID]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid
    sshd[PID]: pam_loginuid(sshd:session): set_loginuid failed
    sshd[PID]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
    sshd[PID]: fatal: chown(/dev/pts/2, 0, 5) failed: Operation not permitted
    cp_radius_helper_1: Failure to process credentials for RADIUS/TACACS user 'User_Name': e
                    
            
Solution
Note: To view this solution you need to Sign In .