I'm using openvpn 2.0.2-1 on Debian/unstable.

OpenVPN works like a charm, per-user configuration stuff also works.
But there's one thing I cannot get to work on a per-user basis:

If I put:

plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

into /etc/openvpn/server.conf, ALL users have to authenticate using
what I defined in /etc/pam.d/openvpn as:

---------------- snip ---------------
# PAM configuration for OpenVPN

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth required pam_env.so # [1]

# Supposedly this enforces SecurID
auth required pam_securid.so debug
---------------- snip ---------------

This is the PAM module provided for the RSA SecurID tokens which
generate an OTP every minute.

This works. I enter a wrong username/password combination, I'm being
rejected. I enter the correct data, I'm let in. Life is good.

But now to the problem:

If I put this into /etc/openvpn/ccd/hildeb.vpn.charite.de:

------------ snip ------------
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
ifconfig-push 172.28.0.5 172.28.0.6
------------ snip ------------

I can enter ANYTHING as authentication data, I'm always let through.
I would expect the per-user configuration to work that way.
OTOH, I do get the IP I explicitly assigned.

Where's the error in my ways?

--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@xxxxxxxxxx
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to spamtrap@xxxxxxxxxx

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users