Hi, On Tue, Nov 03, 2020 at 10:24:14PM +0100, Jordan Borgner wrote: > The important message, I think, is: > "" > PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with > status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so > "" > > The mentioned file is existing on my filesystem and should have the > permissions set properly.
Yes, it's not complaining about "not being able to load the plugin"
but about "the plugin function returned failure", so PAM authentication
is failing.
To debug this, put
verb 4
setenv verb 9
into your server config and restart.
What you have now for "verb" is too much (the detailed logging of read
and write calls is not relevant for plugin debugging), so "verb 4" is
generally sufficient. "setenv verb 9" turns on (a bit more) debugging
for the plugin itself.
[..]
> PLUGIN AUTH-PAM: BACKGROUND: received command code: 0
> PLUGIN AUTH-PAM: BACKGROUND: USER: user
> PLUGIN AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
> PLUGIN AUTH-PAM: BACKGROUND: user 'user' failed to authenticate:
> Authentication failure
OTOH, the plugin will not log *much* more - it is starting up fine, it's
receiving your auth request, and the PAM stack is refusing this.
Syslog/auth might have something more on why PAM is failing - but
debugging PAM is a longer story.
Did this work before upgrading to 2.5.0? Or is this a new setup with
a first-time PAM auth?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
