Hi, On Tue, Nov 3, 2020 at 4:38 PM Jordan Borgner <jor...@manmtr.net> wrote:
> Hello all. > > I just installed openvpn 2.5.0 on archlinux. However, I'm having > problems with the auth-pam plugin. Users are not able to authenticate > themselves. They will get an error indicating that the password is > incorrent although it definitely is correct. > > I have attached the logfile as well as my server configuration file to > this mail. > > The important message, I think, is: > "" > PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with > status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so > "" > > The mentioned file is existing on my filesystem and should have the > permissions set properly. > > "" > # ls -l /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so > -rwxr-xr-x 1 root root 18K Oct 27 22:03 > /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so > "" > > Can anyone help me to fix this? > The error does not mean the plugin file is missing -- indeed the server is loading the plugin and attempting authentication using the pam backend. As per the logs, the PAM module "login" is prompting for Password: with echo off and the plugin must be returning the user's password for that query. You can make that more explicit by specifying the expected prompts in the config instead of relying on echo-off means password. See the README file distributed with openvpn-plugin-auth-pam.so. But I see nothing wrong in the logs except that PAM returns authentication failure. Check that the pam module "login" expects nothing more than username and password and look for any errors PAM may be logging through syslog. You can troubleshoot further by capturing the password received by PAM using, say, pam_exec.so and a script[*]. Selva
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
