On Jun 16, 2006, at 1:39 AM, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
The above ONLY works when the username supplied by the Openvpn client is found in the passwd file on the Openvpn server. Yes it does use the radius server to authenticate.
As you can imagine this is not the behavior I want.
seems fine to me - but as you don't say what bahaviour you do want...
Sorry, it was clear to me. :^} What I want is for the vpn server to act like an appliance. None of the people using the vpn server will ever be permitted log ON to the server. Thus having user accounts on the server would be a bad thing, both from a security and administrative point of view.
Is it redhat, Openvpn, Freeradius or a combination of the three?
I assume you are trying to use the PAM functionality of OpenVPN server...and using the RADIUS PAM plugin. if ONLY accounts that are in /etc/passwd etc are working, then it is a PAM configuration issue. I'd check through the login/account parts of the PAM subsystem (oh and the PAM logs) to see what REQUIRES flags etc are being used.
Exactly. Logs?! Oh. hal