Hello guys,
I have installed OpenVPN with your pam_yubico module as suggested at
https://developers.yubico.com/yubico-pam/ on a freshly installed Ubuntu Server 16.04 LTS, and now OpenVPN crashes every time a user wants to connect since I added the account line in the PAM configuration file for OpenVPN.
Before that, the setup worked fine with my own account, which is present on the local machine. Now I wanted to test with a new test user and discovered that the account required line is needed. So I added it, and now it's crashing OpenVPN... Any suggestions why this happens?
My config files are:
/etc/openvpn/server.conf
Code:
[...]
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn
/etc/pam.d/openvpn
Code:
auth required pam_yubico.so id=<ID> \
yubi_attr=<ATTRName> \
capath=/etc/ssl/certs \
ldap_uri=ldap://ad.intern.dc.de/ \
ldapdn=ou=worker,dc=intern,dc=dc,dc=de \
ldap_bind_user=user@intern.dc.de ldap_bind_password=<passwd> \
ldap_filter=(&(sAMAccountName=%u)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de)) \
try_first_pass
account required pam_yubico.so
And the corresponding log file lines are:
Code:
[../pam_yubico.c:authorize_user_token_ldap(286)] try bind with: user@intern.dc.de:[<passwd>]
[../pam_yubico.c:authorize_user_token_ldap(319)] LDAP : look up object base='ou=worker,dc=intern,dc=dc,dc=de' filter='(&(sAMAccountName=vpnuser)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de))', ask for attribute '<ATTRName>'
[../pam_yubico.c:authorize_user_token_ldap(355)] LDAP : Found 1 values - checking if any of them match '<yubiKey>::<yubiKey>'
[../pam_yubico.c:authorize_user_token_ldap(362)] Token Found :: <yubiKey>
[../pam_yubico.c:pam_sm_authenticate(1095)] done. [Success]
[../pam_yubico.c:pam_sm_acct_mgmt(1128)] pam_sm_acct_mgmt returing PAM_SUCCESS
*** stack smashing detected ***: /usr/sbin/openvpn terminated