From wynkoop@wa3yre.wynn.com  Thu Jul  5 23:37:29 2012
Return-Path: <wynkoop@wa3yre.wynn.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 495B1106566B
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Jul 2012 23:37:29 +0000 (UTC)
	(envelope-from wynkoop@wa3yre.wynn.com)
Received: from mail.wynn.com (wa3yre.wynn.com [199.89.147.3])
	by mx1.freebsd.org (Postfix) with ESMTP id 3B6468FC17
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Jul 2012 23:37:25 +0000 (UTC)
Received: from mail.wynn.com (mail.wynn.com [199.89.147.3])
	by mail.wynn.com (8.14.3/8.12.6) with ESMTP id q65NJGS6046605
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 5 Jul 2012 19:19:16 -0400 (EDT)
	(envelope-from wynkoop@wa3yre.wynn.com)
Received: from mail.wynn.com ([199.89.147.3] helo=mail.wynn.com) by
	ASSP-nospam; 5 Jul 2012 19:19:16 -0400
Received: (from wynkoop@localhost)
	by mail.wynn.com (8.14.3/8.14.3/Submit) id q65NJFeS046604;
	Thu, 5 Jul 2012 19:19:15 -0400 (EDT)
	(envelope-from wynkoop)
Message-Id: <201207052319.q65NJFeS046604@mail.wynn.com>
Date: Thu, 5 Jul 2012 19:19:15 -0400 (EDT)
From: "Brett E. Wynkoop" <wynkoop@wa3yre.wynn.com>
Reply-To: "Brett E. Wynkoop" <wynkoop@wa3yre.wynn.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [pam] template_user is broken in pam_radius
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         169670
>Category:       bin
>Synopsis:       [pam] template_user is broken in pam_radius
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 05 23:40:00 UTC 2012
>Closed-Date:    
>Last-Modified:  Mon Jul 16 03:05:22 UTC 2012
>Originator:     Brett E. Wynkoop
>Release:        FreeBSD 7.3-STABLE i386 Through  9.0-RELEASE
>Organization:
>Environment:
System: FreeBSD dt0.int.harapartners.com 9.0-RELEASE FreeBSD 9.0-RELEASE #1: Wed Apr 11 11:50:56 EDT 2012     root@dt0.int.harapartners.com:/sys/amd64/compile/DT0-DUAL-VIDEO  amd64


	
>Description:
	Use of the template user causes pam_radius to always return
authentication failure.  Auth has been tested using radtest and radlogin from
the same host that pam_radius is failing on.  

>How-To-Repeat:
        Configure pam_radius for use with a template user then attempt to log in
as a user not on the local system, but with good radius credentials.

        You should also look at pr-66095.  It seems that pr was closed without
any fix, but it gives very good full details of the issue.  I have tested on
FreeBSD 7.x and FreeBSD 9.0 with the same results.  Not having a working
FreeBSD radius client configuration is very painful for large sites that have
radius servers!

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
