OpenVPN + pam_auth_radius + Windows 2008 Radius Server

Nate openvpn at aivector.com
Wed Nov 23 17:17:39 CET 2011


Thanks for the help.  I think I just figured it out.  My configuration 
is ok, and the radius server is ok.  The problem is the component the 
radius server was communicating with.  Thanks for the help as it did 
help me get to the correct solution.  Thanks!

On 11/22/2011 10:53 PM, Fajar A. Nugraha wrote:
> On Wed, Nov 23, 2011 at 12:40 PM, Nate<openvpn at aivector.com>  wrote:
>> "In any case, openvpn-related integration issues is better suited on
>>> openvpn list/forum. This list is more suitable for problems related to
>>> freeradius (hint: if you haven't had the need to run FR in debug mode
>>> then most likely it's not FR problem)."
>> Funny thing, they just sent me here lol
> Well, at this point looking from
>
> Tue Nov 22 14:26:21 2011 {MYRADIUS_IP}:61645 TLS Auth Error: Auth
> Username/Password verification failed for peer
>
> the best guess I can give you is incorrrect user/pass. Why? Well, to
> answer that we need to look at FR debug log. Which you didn't send.
> Without that, your guess is as good as mine.
>
>> "If you simply want to authenticate openvpn users using radius, no need
>>> to involve pam at all. See http://www.nongnu.org/radiusplugin/"
>> Thanks, I've tried the radiusplugin.  Maybe I'll install it again.  I didn't have much luck with that either.
> It works. I know, I tried it :)
>
>> I appreciate the help though.  My guess is at this point we have a radius server problem, but our cisco devices don't have any problems connecting to it, which is why I came to this forum.
> My guess is it's related to PAM. IIRC if the user doesn't exists in
> the system (i.e. /etc/passwd), pam will send garbage password to
> radius. Which is why I suggest using radiusplugin directly.
>
> And again, if you have FR-related problems, run it in debug mode and
> post the log here.
>



More information about the Freeradius-Users mailing list