|
|
that's the problem : AFAIK there's no plugin to send stuff back to the client at login time... you could write a client plugin which listens to a server plugin etc etc but that gets ugly really fast. alternatively you could write a client plugin which does a similar username-common-name check: that way the client would know about the mismatch even before a connection was made. HTH, JJK Sverre Johan Tøvik wrote: > Hi Jan, > > I see an "AUTH: Received AUTH_FAILED control message", which is the > same message as when an invalid username/password is used. I wouldn't > mind writing a patch, but I'd rather not have to distribute a custom > version of OpenVPN. Do you know if client side logging is possible > with the plugin API? If so, I might just make a plugin which does the > username/cn check. I just checked out the example "simple" plugin, > looks easy enough. > > > Sverre > > On Dec 6, 2007 4:22 PM, Jan Just Keijser < janjust@xxxxxxxxx > <mailto:janjust@xxxxxxxxx>> wrote: > > Hi Sverre, > > I don't think so... it would require a (not too difficult) patch > to the > openvpn software. > what do you see now when there's a username-common-name mismatch? > > HTH, > > JJK > > Sverre Johan Tøvik wrote: > > Hi, > > > > The subject says it all really. Is it possible to send output > from an > > auth-user-pass-verify script to the client side log? I've added an > > auth-user-pass-verify script to verify that the username matches > > the common name from the client cert, and added some output so that > > these errors show up in the server log. However, I'd like this > to show > > up in the client side log also. > > > > > > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |