Once in a while, I have to wander through some Solaris boxes. I need to look at audit logs today and I have forgotten most of the commands.
http://www.c0t0d0s0.org/archives/4068-Less-known-Solaris-features-Auditing.html
Filing this page here, in case I need reference again in the not very near future.
I was implementing pam_radius login for some Solaris 10 servers today and I got this error.
Aug 10 20:41:57 server1 sshd[17846]: [ID 801593 auth.debug] pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 0.
Aug 10 20:41:57 server1 sshd[17846]: [ID 801593 auth.error] pam_radius_auth: Failed looking up IP address for RADIUS server radius2
Weird error. Googled and found all kinds on weird solutions including hacking the source code and stuff.
I took a quick look at the source code and realised something – my server had no knowledge of the radius and radacct ports. And it’s actually in the debug message: getservbyname failed. I was mislead by the “Failed looking up IP address for RADIUS server” error message.
Added the following to /etc/services:
radius 1812/udp
radacct 1813/udp
And voila! Simple as that.