Authentication Error on Openvpn + PrivacyIDEA +LDAP

Sathishkumar_S · February 8, 2023, 9:56am

Hey Team,

Have deployed privacyidea latest version on ubuntu server and we have openvpn server deployed on another server.

Now we are integrating the openvpn with privacyidea(LDAP + TOTP) auth.

And after we did the needful config, getting the below error on openvpn.log and no relative logs on the “privacyidea.log” file.

" AUTH-PAM: BACKGROUND: user ‘siraj.test’ failed to authenticate: Authentication failure
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 TLS Auth Error: Auth Username/Password verification failed for peer
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 Peer Connection Initiated with [AF_INET]106.51.73.107:62211
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 PUSH: Received control message: ‘PUSH_REQUEST’
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 Delayed exit in 5 seconds
Wed Feb 8 09:45:08 2023 106.51.73.107:62211 SENT CONTROL [UNDEF]: ‘AUTH_FAILED’ (status=1)
Wed Feb 8 09:45:13 2023 106.51.73.107:62211 SIGTERM[soft,delayed-exit] received, client-instance exiting "

/etc/pam.d/openvpn

auth [success=1 default=ignore] /etc/pam.d/pam_python.so /home/sathishkumar.s/privacyidea_pam.py url=https://privacyidea.mydomain.io prompt=privacyIDEA_Authentication realm=ldaprealm nosslverify debug
auth requisite pam_deny.so
auth required pam_permit.so
session sufficient pam_permit.so
account sufficient pam_permit.so

openvpn server.conf

Added the below line on the server.conf
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so “/etc/pam.d/openvpn”

client.ovpn
Added the needful config

reneg-sec 0
auth-user-pass

Please help us out to fix the issue… Thanks in advance