[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] openvpn-auth-pam usage (Authentication Failure)

  • Subject: Re: [Openvpn-users] openvpn-auth-pam usage (Authentication Failure)
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Fri, 29 Apr 2005 11:11:13 -0600 (MDT)

On Fri, 29 Apr 2005 clancyian@xxxxxx wrote:

> I'm attempting to authenticate my OpenVPN users against an OpenLDAP
> Directory using the openvpn-auth-pam plugin in addition to using
> certificates. My OpenVPN server is running version 2.0_rc10 on RH7.2 and
> my Windows Clients are using  OpenVPN-GUI version 1.0 . The
> 'auth-user-pass' parameter in the clients prompts the user for a username
> and password.
> The good news is that this setup actully works, the bad news is that it
> only works once. After sucessfull authentication, if i disconnect the VPN
> and try to connect again authentication will fail. The output below is
> copied from the terminal of the OpenVPN Server.
> ----------- TERMINAL OUTPUT START ----------------------------
> AUTH-PAM: BACKGROUND: USER/PASS: Administrator/secret
> AUTH-PAM: BACKGROUND: my_conv[0] query='login: ' style=2
> AUTH-PAM: BACKGROUND: name match found, query/match-string ['login: ',
> 'login'] = 'USERNAME'
> AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
> AUTH-PAM: BACKGROUND: name match found, query/match-string ['Password: ',
> 'password'] = 'PASSWORD'
> AUTH-PAM: BACKGROUND: user 'Administrator' failed to authenticate: Error
> in service module

According to this, the openvpn-auth-pam module sent the U/P to the PAM 
module, and the PAM library responded with the error code "Error in 
service module".  You would have to dig deeper to see why the PAM LDAP 
module is failing (openvpn-auth-pam is just a proxy here).  


Openvpn-users mailing list