Hi Adrian and Alan, I ended up compiling the master branch of pam_radius_auth.so to have the latest. :) However */etc/pam.d/pam_radius_auth.conf* 127.0.0.1 secret 3 */etc/pam.d/ovpn-0* account sufficient pam_permit.so auth required pam_radius_auth.so conf=/etc/pam.d/pam_radius_auth.conf But the moment I activate it like this in OpenVPN and restart it: *server.conf* plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ovpn-0 I can no longer establish the VPN connection and the local freeradius is not even hit. I get this error in /var/log/openvpn/openvpn.log 89.32.123.xxx:18585 TLS Error: Auth Username/Password was not provided by peer 89.32.123.xxx:18585 TLS Error: TLS handshake failed Is there a way to get more verbose logs to see what the issue is? Based on my research the only way to activate the PAM for OpenVPN is to use the plugin in the config as I did above. Many Thanks, Houman On Tue, 21 Jul 2020 at 19:38, Alan DeKok <aland@deployingradius.com> wrote:
On Jul 21, 2020, at 2:05 PM, Houman <houmie@gmail.com> wrote:
Thank you Alan,
I have installed it. It is now in /usr/lib/security/pam_radius_auth.so
Then I have tried to utilise it like this: */etc/pam.d/ovpn-0:* account sufficient pam_permit.so auth required pam_radius_auth.so conf=/etc/pam.d/pam_radius_auth.conf
*pam_radius_auth.conf:* 127.0.0.1 secret 3
That's good.
But despite a restart, when I connect with OpenVPN freeradius is not hit at all.
Did you configure OpenVPN to use PAM?
I'm running freeradius -X.
Maybe I have to use the full path to pam_radius_auth.so in ovpn-0? WHat could I have missed?
Read the OpenVPN documentation for how to configure OpenVPN.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html