Hi,
Is there any way to use OpenVPN and privacyIDEA Push Tokens?
OpenVPN can use RADIUS, or PAM for user authentication.
It’s not possible to use RADIUS (see “Testing privacyIDEA Push Token”), so I’m using https://github.com/privacyidea/pam_python
But there is the same problem. I enter the username and PIN at the OpenVPN connect prompt. After that, OpenVPN crashes with the error AUTH: Received control message: AUTH_FAILED.
In the OpenVPN server config I have:
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
and /etc/pam.d/openvpn:
auth [success=1 default=ignore] pam_python.so /opt/pam_python/privacyidea_pam.py url=https://ovpn-mfa.example.net/ prompt=privacyIDEA_Authentication
auth requisite pam_deny.so
auth required pam_permit.so
session sufficient pam_permit.so
account sufficient pam_permit.so
Logs:
# /var/log/openvpn.log
AUTH-PAM: BACKGROUND: user 'pokus' failed to authenticate: Authentication failure
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
Wed Feb 12 12:49:38 2020 1.2.3.4:53358 TLS Auth Error: Auth Username/Password verification failed for peer
# tail -f /var/log/auth.log
Feb 12 12:49:38 ovpn-mfa openvpn: offline check returned: False, None
Feb 12 12:49:38 ovpn-mfa openvpn: requests > 1.0
Feb 12 12:49:38 ovpn-mfa openvpn: Prompting for challenge response
Feb 12 12:49:38 ovpn-mfa openvpn: requests > 1.0
Is it possible to use OpenVPN and privacyIDEA Push Tokens? @cornelinux
Thanks.
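The auth lines of the /etc/pam.d/openvpn file quoted in the post, walked through a simplified model of libpam's control handling. This is an added example, not part of the original post or of privacyIDEA's code; `run_stack`, `outcome` and the return-code strings are assumptions made for illustration.

```python
# Simplified model of how libpam evaluates the "auth" lines from the post's
# /etc/pam.d/openvpn. Helper names and return-code strings are illustrative.
# Keyword controls in bracket form (pam.conf(5)); minor entries omitted.
KEYWORDS = {
    "required":   {"success": "ok", "default": "bad"},
    "requisite":  {"success": "ok", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
}

# The three auth lines from the post: (control, module).
AUTH_STACK = [
    ("[success=1 default=ignore]", "pam_python.so"),
    ("requisite", "pam_deny.so"),
    ("required", "pam_permit.so"),
]

def parse_control(control):
    """Turn a control field into a {return_code: action} mapping."""
    if control.startswith("["):
        return dict(item.split("=", 1) for item in control.strip("[]").split())
    return KEYWORDS[control]

def run_stack(stack, module_results):
    """Return (verdict, modules_called); an 'ignore' action contributes nothing."""
    verdict, called, i = None, [], 0
    while i < len(stack):
        control, module = stack[i]
        called.append(module)
        rc, actions = module_results[module], parse_control(control)
        action = actions.get(rc, actions["default"])
        i += 1
        if action.isdigit():
            i += int(action)              # jump over the next N modules
        elif action in ("ok", "done"):
            verdict = verdict or "success"
            if action == "done" and verdict == "success":
                break
        elif action in ("bad", "die"):
            if verdict in (None, "success"):
                verdict = rc              # first failure decides the result
            if action == "die":
                break
    return (verdict or "auth_err"), called   # nothing contributed: deny

# pam_deny.so always fails and pam_permit.so always succeeds (constructed inputs).
def outcome(pam_python_rc):
    results = {"pam_python.so": pam_python_rc,
               "pam_deny.so": "auth_err", "pam_permit.so": "success"}
    return run_stack(AUTH_STACK, results)
```

`outcome("success")` skips pam_deny.so and ends at pam_permit.so, while any other return code from pam_python.so is ignored and falls through to pam_deny.so, so with this stack the final result follows what privacyidea_pam.py returns.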