Hello all.
I just installed openvpn 2.5.0 on archlinux. However, I'm having
problems with the auth-pam plugin. Users are not able to authenticate
themselves. They will get an error indicating that the password is
incorrect although it definitely is correct.
I have attached the logfile as well as my server configuration file to
this mail.
The important message, I think, is:
""
PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
""
The mentioned file exists on my filesystem and should have the
permissions set properly.
""
# ls -l /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
-rwxr-xr-x 1 root root 18K Oct 27 22:03 /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
""
Can anyone help me to fix this?
--
Jordan Borgner
ip-address Re-using SSL/TLS context
ip-address Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
ip-address Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
ip-address Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
ip-address Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
ip-address UDPv6 READ [14] from [AF_INET6]ip-address:53178: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
ip-address TLS: Initial packet from [AF_INET6]ip-address:53178, sid=bfedf113 4e727d4b
ip-address UDPv6 WRITE [26] to [AF_INET6]ip-address:53178: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
ip-address UDPv6 READ [303] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ 0 ] pid=1 DATA len=277
ip-address UDPv6 WRITE [22] to [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 1 ]
ip-address UDPv6 WRITE [1188] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=1174
ip-address UDPv6 WRITE [1188] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=1174
ip-address UDPv6 WRITE [1188] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1174
ip-address UDPv6 WRITE [129] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=115
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 1 ]
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 2 ]
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 3 ]
ip-address UDPv6 READ [1276] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ 4 ] pid=2 DATA len=1250
ip-address UDPv6 WRITE [22] to [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 2 ]
ip-address UDPv6 READ [1264] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1250
ip-address UDPv6 WRITE [22] to [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 3 ]
ip-address UDPv6 READ [1264] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=1250
ip-address VERIFY OK: depth=0, CN=user
ip-address UDPv6 WRITE [184] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ 4 ] pid=5 DATA len=158
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=8
ip-address peer info: IV_VER=3.git::662eae9a
ip-address peer info: IV_PLAT=mac
ip-address peer info: IV_NCP=2
ip-address peer info: IV_TCPNL=1
ip-address peer info: IV_PROTO=2
ip-address peer info: IV_GUI_VER=OCmacOS_3.2.4-2392
ip-address peer info: IV_SSO=openurl
PLUGIN AUTH-PAM: BACKGROUND: received command code: 0
PLUGIN AUTH-PAM: BACKGROUND: USER: user
PLUGIN AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
PLUGIN AUTH-PAM: BACKGROUND: user 'user' failed to authenticate: Authentication failure
ip-address PLUGIN_CALL: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
ip-address PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
ip-address TLS Auth Error: Auth Username/Password verification failed for peer
ip-address UDPv6 WRITE [184] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ 5 ] pid=5 DATA len=158
ip-address UDPv6 WRITE [235] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=221
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 5 ]
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=8
ip-address UDPv6 WRITE [22] to [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 5 ]
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 5 ]
ip-address UDPv6 READ [22] from [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 6 ]
ip-address Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
ip-address [user] Peer Connection Initiated with [AF_INET6]ip-address:53178
ip-address UDPv6 READ [49] from [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=35
ip-address PUSH: Received control message: 'PUSH_REQUEST'
ip-address Delayed exit in 5 seconds
ip-address SENT CONTROL [user]: 'AUTH_FAILED' (status=1)
ip-address UDPv6 WRITE [22] to [AF_INET6]ip-address:53178: P_ACK_V1 kid=0 [ 6 ]
ip-address UDPv6 WRITE [48] to [AF_INET6]ip-address:53178: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=34
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
user nobody
group nobody
port 1194
persist-key
persist-tun
proto udp
proto udp6
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/hostname.crt
key /etc/openvpn/easy-rsa/pki/private/hostname.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
cipher AES-256-CBC
auth SHA512
reneg-sec 36000
inactive 0
server 192.168.100.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
keepalive 10 36000
status openvpn-status.log
log /var/log/openvpn.log
verb 6
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
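Added example, not part of the original mail or of OpenVPN: a triage script for a verb 6 log like the one attached above. It separates the plugin's own "failed to authenticate" record (the module was loaded and PAM returned the error) from the generic PLUGIN_CALL failure, and reads the PAM service name from the plugin line of the config. The sample text, the record-prefix rule and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample: records shaped like the log and config in this post,
# including the mail line-wrapping and the redacted "ip-address" prefix.
SAMPLE_LOG = """\
ip-address VERIFY OK: depth=0, CN=user
PLUGIN AUTH-PAM: BACKGROUND: USER: user
PLUGIN AUTH-PAM: BACKGROUND: user 'user' failed to authenticate: Authentication
failure
ip-address PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed
with status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
ip-address SENT CONTROL [user]: 'AUTH_FAILED' (status=1)
"""
SAMPLE_CONF = "plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login\nuser nobody\n"

# Assumption: a record starts with the redacted prefix or the plugin's tag;
# on an unredacted log, replace this with a timestamp pattern.
RECORD_START = re.compile(r"^(ip-address |PLUGIN )")
PAM_FAIL = re.compile(r"AUTH-PAM: BACKGROUND: user '([^']*)' failed to authenticate: (.*)$")
CALL_FAIL = re.compile(r"PLUGIN_CALL: plugin function (\S+) failed with status (\d+): (\S+)")
PLUGIN_LINE = re.compile(r"^[ \t]*plugin[ \t]+(\S+)(?:[ \t]+(\S+))?", re.M)


def unwrap(text):
    """Re-join records that were wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def triage(log_text, conf_text):
    """Tell 'PAM stack rejected the login' apart from other plugin failures."""
    result = {"pam_rejections": [], "call_failures": [], "pam_service": None}
    m = PLUGIN_LINE.search(conf_text)
    if m:
        result["pam_service"] = m.group(2)  # first plugin argument = PAM service
    for rec in unwrap(log_text):
        if (m := PAM_FAIL.search(rec)):
            result["pam_rejections"].append((m.group(1), m.group(2)))
        elif (m := CALL_FAIL.search(rec)):
            result["call_failures"].append((m.group(1), int(m.group(2))))
    # A BACKGROUND rejection shows the .so was loaded and reached PAM.
    reached = bool(result["pam_rejections"])
    svc = result["pam_service"]
    result["plugin_reached_pam"] = reached
    result["next_check"] = "/etc/pam.d/" + svc if reached and svc else None
    return result
```
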