Yubico Forum ...visit our web-store at 2017-01-24T18:51:26+01:00 https://forum.yubico.com/feed.php?f=5&t=2541 2017-01-24T18:51:26+01:00 2017-01-24T18:51:26+01:00 https://forum.yubico.com/viewtopic.php?t=2541&p=9314#p9314 <![CDATA[[Q?] OpenVPN\yubico\LDAP stack smash det: openvpn terminated]]> I have installed OpenVPN with your pam_yubico Module as suggested at https://developers.yubico.com/yubico-pam/ on a fresh installed Ubuntu Server 16.04 LTS and now the OpenVPN crashes every time a user wants to connect since i have added the account line in the PAM Configuration-file for OpenVPN.
before the setup works fine with my own account which is present at the local machine, now i wanted a test with a new testing user and discovered that the account required line is needed. So i added it and now it's crashing the openVPN... any suggestions why this happens?

My Config-Files are
/etc/openvpn/server.conf
Code:
[...]
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn


/etc/pam.d/openvpn
Code:
auth required pam_yubico.so id=<ID> \
        yubi_attr=<ATTRName> \
        capath=/etc/ssl/certs \
        ldap_uri=ldap://ad.intern.dc.de/ \
        ldapdn=ou=worker,dc=intern,dc=dc,dc=de \
        ldap_bind_user=user@intern.dc.de ldap_bind_password=<passwd> \
        ldap_filter=(&(sAMAccountName=%u)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de)) \
        try_first_pass
account required pam_yubico.so


And the corresponding logfile-lines are
Code:
[../pam_yubico.c:authorize_user_token_ldap(286)] try bind with: user@intern.dc.de:[<passwd>]
[../pam_yubico.c:authorize_user_token_ldap(319)] LDAP : look up object base='ou=worker,dc=intern,dc=dc,dc=de' filter='(&(sAMAccountName=vpnuser)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de))', ask for attribute '<ATTRName>'
[../pam_yubico.c:authorize_user_token_ldap(355)] LDAP : Found 1 values - checking if any of them match '<yubiKey>::<yubiKey>'
[../pam_yubico.c:authorize_user_token_ldap(362)] Token Found :: <yubiKey>
[../pam_yubico.c:pam_sm_authenticate(1095)] done. [Success]
[../pam_yubico.c:pam_sm_acct_mgmt(1128)] pam_sm_acct_mgmt returing PAM_SUCCESS
*** stack smashing detected ***: /usr/sbin/openvpn terminated

Statistics: Posted by NorbertR — Tue Jan 24, 2017 6:51 pm

]]>