OpenVPN + pam_auth_radius + Windows 2008 Radius Server

Fajar A. Nugraha list at fajar.net
Wed Nov 23 06:53:07 CET 2011


On Wed, Nov 23, 2011 at 12:40 PM, Nate <openvpn at aivector.com> wrote:
> "In any case, openvpn-related integration issues are better suited on
> openvpn list/forum. This list is more suitable for problems related to
> freeradius (hint: if you haven't had the need to run FR in debug mode
> then most likely it's not an FR problem)."
>
> Funny thing, they just sent me here lol

Well, at this point looking from

Tue Nov 22 14:26:21 2011 {MYRADIUS_IP}:61645 TLS Auth Error: Auth
Username/Password verification failed for peer

the best guess I can give you is incorrect user/pass. Why? Well, to
answer that we need to look at the FR debug log. Which you didn't send.
Without that, your guess is as good as mine.

>
> "If you simply want to authenticate openvpn users using radius, no need
> to involve pam at all. See http://www.nongnu.org/radiusplugin/"
>
> Thanks, I've tried the radiusplugin.  Maybe I'll install it again.  I didn't have much luck with that either.

It works. I know, I tried it :)

>
> I appreciate the help though.  My guess is at this point we have a radius server problem, but our cisco devices don't have any problems connecting to it, which is why I came to this forum.

My guess is it's related to PAM. IIRC if the user doesn't exist in
the system (i.e. /etc/passwd), pam will send a garbage password to
radius. Which is why I suggest using radiusplugin directly.

And again, if you have FR-related problems, run it in debug mode and
post the log here.

-- 
Fajar




More information about the Freeradius-Users mailing list