Official plugin for Freeradius + OpenVPN?
Houman
houmie at gmail.com
Wed Jul 22 21:04:18 CEST 2020
Hi Adrian and Alan,
I ended up compiling the master branch of pam_radius_auth.so to have the
latest. :)
However
*/etc/pam.d/pam_radius_auth.conf*
127.0.0.1 secret 3
*/etc/pam.d/ovpn-0*
account sufficient pam_permit.so
auth required pam_radius_auth.so conf=/etc/pam.d/pam_radius_auth.conf
But the moment I activate it like this in OpenVPN and restart it:
*server.conf*
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so ovpn-0
I can no longer establish the VPN connection and the local freeradius is
not even hit.
I get this error in /var/log/openvpn/openvpn.log
89.32.123.xxx:18585 TLS Error: Auth Username/Password was not provided by peer
89.32.123.xxx:18585 TLS Error: TLS handshake failed
Is there a way to get more verbose logs to see what the issue is?
Based on my research the only way to activate the PAM for OpenVPN is to use
the plugin in the config as I did above.
Many Thanks,
Houman
On Tue, 21 Jul 2020 at 19:38, Alan DeKok <aland at deployingradius.com> wrote:
> On Jul 21, 2020, at 2:05 PM, Houman <houmie at gmail.com> wrote:
> >
> > Thank you Alan,
> >
> > I have installed it. It is now in /usr/lib/security/pam_radius_auth.so
> >
> > Then I have tried to utilise it like this:
> > */etc/pam.d/ovpn-0:*
> > account sufficient pam_permit.so
> > auth required pam_radius_auth.so conf=/etc/pam.d/pam_radius_auth.conf
> >
> > *pam_radius_auth.conf:*
> > 127.0.0.1 secret 3
>
> That's good.
>
> > But despite a restart, when I connect with OpenVPN freeradius is not hit
> > at all.
>
> Did you configure OpenVPN to use PAM?
>
> > I'm running freeradius -X.
> >
> > Maybe I have to use the full path to pam_radius_auth.so in ovpn-0? What
> > could I have missed?
>
> Read the OpenVPN documentation for how to configure OpenVPN.
>
> Alan DeKok.