Yubico Forum
https://forum.yubico.com/

[Q?] OpenVPN\yubico\LDAP stack smash det: openvpn terminated
https://forum.yubico.com/viewtopic.php?f=5&t=2541
Page 1 of 1

Author:  NorbertR [ Tue Jan 24, 2017 6:51 pm ]
Post subject:  [Q?] OpenVPN\yubico\LDAP stack smash det: openvpn terminated

Hello Guys
I have installed OpenVPN with your pam_yubico Module as suggested at https://developers.yubico.com/yubico-pam/ on a fresh installed Ubuntu Server 16.04 LTS and now the OpenVPN crashes every time a user wants to connect since i have added the account line in the PAM Configuration-file for OpenVPN.
before the setup works fine with my own account which is present at the local machine, now i wanted a test with a new testing user and discovered that the account required line is needed. So i added it and now it's crashing the openVPN... any suggestions why this happens?

My Config-Files are
/etc/openvpn/server.conf
Code:
[...]
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn


/etc/pam.d/openvpn
Code:
auth required pam_yubico.so id=<ID> \
        yubi_attr=<ATTRName> \
        capath=/etc/ssl/certs \
        ldap_uri=ldap://ad.intern.dc.de/ \
        ldapdn=ou=worker,dc=intern,dc=dc,dc=de \
        ldap_bind_user=user@intern.dc.de ldap_bind_password=<passwd> \
        ldap_filter=(&(sAMAccountName=%u)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de)) \
        try_first_pass
account required pam_yubico.so


And the corresponding logfile-lines are
Code:
[../pam_yubico.c:authorize_user_token_ldap(286)] try bind with: user@intern.dc.de:[<passwd>]
[../pam_yubico.c:authorize_user_token_ldap(319)] LDAP : look up object base='ou=worker,dc=intern,dc=dc,dc=de' filter='(&(sAMAccountName=vpnuser)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de))', ask for attribute '<ATTRName>'
[../pam_yubico.c:authorize_user_token_ldap(355)] LDAP : Found 1 values - checking if any of them match '<yubiKey>::<yubiKey>'
[../pam_yubico.c:authorize_user_token_ldap(362)] Token Found :: <yubiKey>
[../pam_yubico.c:pam_sm_authenticate(1095)] done. [Success]
[../pam_yubico.c:pam_sm_acct_mgmt(1128)] pam_sm_acct_mgmt returing PAM_SUCCESS
*** stack smashing detected ***: /usr/sbin/openvpn terminated

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/