Thanks for the help. I think I just figured it out. My configuration is ok, and the radius server is ok. The problem is the component the radius server was communicating with. Thanks for the help as it did help me get to the correct solution. Thanks! On 11/22/2011 10:53 PM, Fajar A. Nugraha wrote:
On Wed, Nov 23, 2011 at 12:40 PM, Nate<openvpn@aivector.com> wrote:
"In any case, openvpn-related integration issues is better suited on
openvpn list/forum. This list is more suitable for problems related to freeradius (hint: if you haven't had the need to run FR in debug mode then most likely it's not FR problem)." Funny thing, they just sent me here lol Well, at this point looking from
Tue Nov 22 14:26:21 2011 {MYRADIUS_IP}:61645 TLS Auth Error: Auth Username/Password verification failed for peer
the best guess I can give you is incorrrect user/pass. Why? Well, to answer that we need to look at FR debug log. Which you didn't send. Without that, your guess is as good as mine.
"If you simply want to authenticate openvpn users using radius, no need
to involve pam at all. See http://www.nongnu.org/radiusplugin/" Thanks, I've tried the radiusplugin. Maybe I'll install it again. I didn't have much luck with that either. It works. I know, I tried it :)
I appreciate the help though. My guess is at this point we have a radius server problem, but our cisco devices don't have any problems connecting to it, which is why I came to this forum. My guess is it's related to PAM. IIRC if the user doesn't exists in the system (i.e. /etc/passwd), pam will send garbage password to radius. Which is why I suggest using radiusplugin directly.
And again, if you have FR-related problems, run it in debug mode and post the log here.