Help with PAM Authentication and MFA Configuration on Linux Servers

Asked By TechieTurtle42 On

Hey everyone! I'm a junior sysadmin diving into the world of Linux, and I'm working on a project where I need to set up Multi-Factor Authentication (MFA) with Authpoint on our Linux servers. I've gone through the documentation a few times and have tried configuring my test server multiple times, but I keep hitting a wall. Whenever I enter my password, it attempts to connect to the Authpoint gateway but ultimately gives me an 'access denied' error. I'm wondering if I need to set up a firewall rule to allow communication on port 1812 for RADIUS authentication from specific static IP addresses to the Authpoint gateway, or if there's something else I might be overlooking. Any insights would be greatly appreciated!

5 Answers

Answered By LinuxLover99 On

It sounds like checking your firewall settings is a good start, but remember that we need to know more about your network setup to be sure. Check the logs on your server, like `/var/log/auth.log` or `/var/log/secure`, depending on your OS. If you don't see any logs from the PAM module that you're trying to configure, it might not be loading correctly. Also, monitoring the network traffic with tools like tcpdump can be really helpful. Run this command: `sudo tcpdump -i any port 1812` while you attempt to authenticate. If you see no traffic, your PAM module might not be configured properly.

Answered By FlowChartFanatic On

Have you thought about drawing a sequence diagram for the authentication process? Mapping out each component and their order could help reveal the problem you're facing.

Answered By NerdyAdmin23 On

Definitely double-check your server’s time synchronization. If it’s joined to a domain, it likely has that covered, but time discrepancies can cause MFA issues that aren't always obvious. Make sure your NTP server is in sync!

Answered By CuriousCoder88 On

Quick note: Can PAM function without MFA? Also, don’t forget to consider both ports 1812 and 1813.

Answered By SysAdminSam On

The 'Access denied' message is more likely an authentication issue rather than a firewall one. Firewall troubles usually show timeouts or long connection hangs. Check the log files like `/var/log/auth.log` for detailed info on the errors. If you want to determine if the port is reachable, you can try this command: `nc -nvzw5 `. If it hangs for too long, there could be firewall problems, but based on your error, I doubt that's it.

AuthExpert -

True, but we should check for configuration issues first, like a wrong DNS setting or a misconfigured shared secret. These kinds of errors might come off as firewall problems.

FirewallFreak -

While I see your point, it's possible for a firewall issue to result in an 'Access denied' message, so we shouldn't rule that out completely. Just running a packet test on the connection could help clarify this.
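As an added example (not from the original thread, and not AuthPoint's, pam_radius_auth's or any vendor's code), the Python probe below sends a single RFC 2865 PAP Access-Request over UDP and classifies what comes back the way SysAdminSam distinguishes the two failure modes: an Access-Reject means the gateway received the request and refused the credentials, while a timeout means nothing answered. It also covers AuthExpert's shared-secret case: when the secret is wrong, the server's reply fails the Response Authenticator check, a real RADIUS client silently discards it, and the user sees a timeout that looks exactly like a firewall drop. The host, port, username, password and shared secret in `__main__` are placeholders, not values from the thread.

```python
"""Minimal RFC 2865 RADIUS Access-Request builder and reply classifier (added example)."""
import hashlib
import os
import socket
import struct
from typing import Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IDENTIFIER = 1, 2, 32
CODE_NAMES = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject",
              ACCESS_CHALLENGE: "Access-Challenge"}


def encrypt_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: NUL-pad to 16-octet blocks, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], keystream))
        out += block
        prev = block
    return out


def decrypt_password(cipher: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does with the User-Password attribute (strips the NUL padding)."""
    out, prev = b"", authenticator
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, keystream))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(username: str, password: str, secret: bytes,
                         nas_id: str = "linux-pam-test", identifier: int = 0,
                         authenticator: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    if authenticator is None:
        authenticator = os.urandom(16)  # Request Authenticator: 16 random octets
    attrs = b""
    for typ, value in ((ATTR_USER_NAME, username.encode()),
                       (ATTR_USER_PASSWORD, encrypt_password(password.encode(), secret, authenticator)),
                       (ATTR_NAS_IDENTIFIER, nas_id.encode())):
        attrs += struct.pack("!BB", typ, len(value) + 2) + value  # TLV: type, length, value
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs, authenticator


def build_reply(code: int, identifier: int, request_authenticator: bytes,
                secret: bytes, attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + resp_auth + attrs


def classify_reply(reply: bytes, request_authenticator: bytes, identifier: int, secret: bytes) -> str:
    """Validate a reply the way a RADIUS client must before trusting it."""
    if len(reply) < 20:
        return "malformed (too short)"
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != identifier or length != len(reply):
        return "malformed (identifier/length mismatch)"
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:] + secret).digest()
    if expected != reply[4:20]:
        # A real client silently drops this reply, so to the user it looks like a timeout.
        return "bad Response Authenticator (shared secret mismatch?)"
    return CODE_NAMES.get(code, f"unknown code {code}")


def probe(host: str, port: int, username: str, password: str, secret: bytes,
          timeout: float = 5.0) -> str:
    """Send one Access-Request and classify the outcome. Real network call; not used by the tests."""
    identifier = os.urandom(1)[0]
    packet, req_auth = build_access_request(username, password, secret, identifier=identifier)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (host, port))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout (firewall drop, wrong host/port, or server silently discarded the request)"
    return classify_reply(reply, req_auth, identifier, secret)


if __name__ == "__main__":
    # Placeholders (assumed values, not from the thread): point these at your gateway.
    print(probe("192.0.2.10", 1812, "jdoe", "s3cret", b"shared-secret"))
```

Run it from the Linux server that hosts the PAM module, since that is the source address the gateway and any firewall will judge. "Access-Reject" while `pam_radius_auth` still says access denied points at credentials or the user's MFA enrollment; a timeout here together with no packets in LinuxLover99's `tcpdump` capture points at the PAM module not loading; a timeout with packets visible on the wire points at the firewall, the port, or the shared secret.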
