From 10108970356a643d82c4896cd8a1e902eac75db5 Mon Sep 17 00:00:00 2001
From: "saravan@celestica.com"
Date: Thu, 22 Dec 2022 09:51:34 +0000
Subject: [PATCH 1/2] Issue Description: Login through RADIUS is not working Root-Cause: RADIUS presumes that sonic launch shell (/usr/bin/sonic-launch-shell) is available by default to be authenticated users, which is not the case. This leads to failure in RADIUS authentication. What I did: Added valid bash shell (/bin/bash) in RADIUS nss code
---
 src/radius/nss/libnss-radius/nss_radius_common.c | 4 ++--
 .../templates/radius_nss.conf.j2 | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/radius/nss/libnss-radius/nss_radius_common.c b/src/radius/nss/libnss-radius/nss_radius_common.c
index 652d04ae5c7b..cfc4cbf3f523 100644
--- a/src/radius/nss/libnss-radius/nss_radius_common.c
+++ b/src/radius/nss/libnss-radius/nss_radius_common.c
@@ -159,11 +159,11 @@ static void init_rnm(RADIUS_NSS_CONF_B * conf) {
 rnm[0].gid = 999;
 rnm[0].groups = "docker";
 rnm[0].gecos = "remote_user";
- rnm[0].shell = "/usr/bin/sonic-launch-shell";
+ rnm[0].shell = "/bin/bash";
 rnm[RADIUS_MAX_MPL-1].gid = 1000;
 rnm[RADIUS_MAX_MPL-1].groups = "admin,sudo,docker";
 rnm[RADIUS_MAX_MPL-1].gecos = "remote_user_su";
- rnm[RADIUS_MAX_MPL-1].shell = "/usr/bin/sonic-launch-shell";
+ rnm[RADIUS_MAX_MPL-1].shell = "/bin/bash";
 }
diff --git a/src/sonic-host-services-data/templates/radius_nss.conf.j2 b/src/sonic-host-services-data/templates/radius_nss.conf.j2
index a0da68d39961..69e6431ebd55 100644
--- a/src/sonic-host-services-data/templates/radius_nss.conf.j2
+++ b/src/sonic-host-services-data/templates/radius_nss.conf.j2
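Review bot: In `init_rnm` (nss_radius_common.c) the default shell for both `rnm[0]` and `rnm[RADIUS_MAX_MPL-1]` is now unconditionally `/bin/bash`, so images that do ship `/usr/bin/sonic-launch-shell` also stop using it for RADIUS-mapped users; whatever session handling that wrapper performs is not visible here, but it would be skipped. A narrower fix keeps the launch shell as the default and falls back only when it is missing, e.g. `rnm[0].shell = access("/usr/bin/sonic-launch-shell", X_OK) == 0 ? "/usr/bin/sonic-launch-shell" : "/bin/bash";` (needs `<unistd.h>`), with the same expression for the `RADIUS_MAX_MPL-1` entry. The lowest privilege mapping already carries the `docker` group, which is commonly root-equivalent on the host, so handing that account an unrestricted shell deserves an explicit decision rather than a side effect of a login fix. After PATCH 2/2 the comments in radius_nss.conf.j2 again document `shell=/usr/bin/sonic-launch-shell` as the default, which no longer matches these compiled defaults. The body of `init_rnm` starts above the hunk, so any later override of `shell` from the parsed config is not visible.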
@@ -13,13 +13,13 @@ debug=on
 #
 # User Privilege:
 # Default:
-# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/usr/bin/sonic-launch-shell
-# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/usr/bin/sonic-launch-shell
+# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/bin/bash
+# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/bin/bash
 # Eg:
-# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/usr/bin/sonic-launch-shell
-# user_priv=7;pw_info=netops;gid=999;group=docker;shell=/usr/bin/sonic-launch-shell
-# user_priv=1;pw_info=operator;gid=100;group=docker;shell=/usr/bin/sonic-launch-shell
+# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/bin/bash
+# user_priv=7;pw_info=netops;gid=999;group=docker;shell=/bin/bash
+# user_priv=1;pw_info=operator;gid=100;group=docker;shell=/bin/bash
 #
 # many_to_one:
From 84f2fa6ee771163031310db514cf8a23a324fa69 Mon Sep 17 00:00:00 2001
From: "saravan@celestica.com"
Date: Fri, 23 Dec 2022 13:30:51 +0000
Subject: [PATCH 2/2] Removed unrelated changes
---
 .../templates/radius_nss.conf.j2 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/sonic-host-services-data/templates/radius_nss.conf.j2 b/src/sonic-host-services-data/templates/radius_nss.conf.j2
index 69e6431ebd55..a0da68d39961 100644
--- a/src/sonic-host-services-data/templates/radius_nss.conf.j2
+++ b/src/sonic-host-services-data/templates/radius_nss.conf.j2
@@ -13,13 +13,13 @@ debug=on
 #
 # User Privilege:
 # Default:
-# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/bin/bash
-# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/bin/bash
+# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/usr/bin/sonic-launch-shell
+# user_priv=1;pw_info=remote_user;gid=999;group=docker;shell=/usr/bin/sonic-launch-shell
 # Eg:
-# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/bin/bash
-# user_priv=7;pw_info=netops;gid=999;group=docker;shell=/bin/bash
-# user_priv=1;pw_info=operator;gid=100;group=docker;shell=/bin/bash
+# user_priv=15;pw_info=remote_user_su;gid=1000;group=sudo,docker;shell=/usr/bin/sonic-launch-shell
+# user_priv=7;pw_info=netops;gid=999;group=docker;shell=/usr/bin/sonic-launch-shell
+# user_priv=1;pw_info=operator;gid=100;group=docker;shell=/usr/bin/sonic-launch-shell
 #
 # many_to_one: