Hi,
we have OpenVPN, PrivacyIdea and LDAP on separate VMs and are trying to configure OpenVPN to work with PrivacyIdea, but have had no luck.
The LDAP is connected and when we test the connection we get the users. So PrivacyIdea and LDAP are correctly configured. Now it is just a problem with OpenVPN. Because the docs are outdated we can’t follow them, but anyway we tried with this
Thanks for the reply, and if I understand this correctly the pam should look like this
/etc/pam.d/openvpn
#
# /etc/pam.d/privacyidea-auth - authentication settings for services that should use 2FA with privacyIDEA
#
# This config can be used to solely authenticate against privacyIDEA
#
# It comes with no warranty.
#
auth [success=1 default=ignore] pam_privacyidea.so url=https://server_ip
# fallback if privacyidea fails
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
so I don’t need to specify the path for pam_privacyidea.so to /lib64/security/pam_privacyidea.so?
and one more question, do I need to have the otp created or is this working just fine with ldap realm and ldap credentials? For a start I just want to go slow and test to see if the basics work.
This depends on your privacyIDEA configuration. Authentication policies.
Yes, you can have it this way e.g. by using a passthru policy.
Note: The user (loginname) also needs to exist (or needs to be found) on the system, where you are logging in. (However, this is out of scope of privacyidea)
What do you think this error could mean?
What does it actually say?
“undefined symbol: pam_get_user”
Hint: This is a compiled and linked C module that is calling something that cannot be found (“undefined symbol”). This has nothing to do with privacyIDEA/the module itself, but with the fact that it does not run on your distribution. Either you are missing dependencies or you need to compile it yourself, anew.
I can not tell. Only you can, since you know your system.
I googled and found no solution. I fixed the “undefined symbol: pam_get_user” by building from source from github. I followed the instructions to install all libraries and copy that one file into includes and compile, but now there is another of this thing called “curl_easy_perform”, and I searched Google with no luck. I even found someone who asked in this forum and still got no answer or solution. So we are unable to make this happen on openvpn with privacyidea.
If this is not the right place to ask this question, can you maybe provide a forum name or site where I can solve this issue?
And sorry for my lack of knowledge in this situation, but I can’t find any answers on google
Compiling C code always comes with a lot of dependencies. You are only telling us one line of the error here. Usually (this is not only the case with privacyIDEA but with all C code in the world) you would need a magic glass ball to know the reasons.
The reasons are hidden in the versions of your libraries, which are usually determined by the version of the linux distro you are running. So for starters it would be a good idea to look at this.
This is a place where you can ask. On the other hand, you could also ask in a C forum “How do I debug compiling source code step by step”.
I don’t know where to look for solutions cuz there is no information on google about this and I can’t even find any blogs where anyone even tried the new pam from privacyidea
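Added example, not part of the thread and not privacyIDEA's own code: a small shell check that maps the two loader errors quoted above to the library that exports the symbol (pam_* from libpam, curl_* from libcurl) and reports whether the module lists that library as a NEEDED dependency. The function names and the `readelf -d` sample are constructed for illustration, and the check assumes the error comes from a library missing at link time.

```shell
#!/bin/sh
# Added example: map an "undefined symbol" loader error to the shared library
# that exports it, then check whether the PAM module records that library as
# a dependency (a NEEDED entry in `readelf -d` output).

# provider_for SYMBOL: library that exports the symbols named in the thread.
provider_for() {
    case "$1" in
        pam_*)  echo "libpam.so" ;;
        curl_*) echo "libcurl.so" ;;
        *)      echo "" ;;
    esac
}

# needed_libs: read `readelf -d` output on stdin, print one NEEDED soname per line.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p'
}

# check_symbol SYMBOL DYNAMIC_SECTION_TEXT
# Prints "ok <lib>", "missing <lib>" or "unknown <symbol>".
check_symbol() {
    lib=$(provider_for "$1")
    [ -n "$lib" ] || { echo "unknown $1"; return 0; }
    if printf '%s\n' "$2" | needed_libs | grep -qF "$lib"; then
        echo "ok $lib"       # the loader will pull the library in with the module
    else
        echo "missing $lib"  # the module was linked without it; relink with the library
    fi
}

# Constructed sample of `readelf -d` output for a module linked against
# libcurl but not libpam (not taken from a real build).
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)             Shared library: [libcurl.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [pam_privacyidea.so]'

# On a real system, pass the module itself, e.g.:
#   check_symbol pam_get_user "$(readelf -d /lib64/security/pam_privacyidea.so)"
check_symbol pam_get_user "$SAMPLE_DYNAMIC"
check_symbol curl_easy_perform "$SAMPLE_DYNAMIC"
```

A "missing" result points at the link step of the build; an "ok" result with the error still present points instead at the installed library version on the distribution, which `ldd` on the module will show.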