I can get OpenVPN working with pam_ldap fine. I can also get it working with pam_yubico using a local auth file fine. I can't seem to get it working with pam_yubico and the LDAP settings though.
Here is my /etc/pam.d/openvpn:
I know it performs an LDAP bind and returns a user with the required attribute as I can see it in tcpdump.
I have my OpenVPN client configured to ask for the OTP using static-challenge, so the authentication request is:
Username prompt
LDAP Password prompt
OTP prompt
Looking at the examples I've found online (for SSH for example), it seems I should just use:
Username prompt
LDAP Password + OTP prompt (i.e. type password and put in OTP in the same field)
I've tried that, and get the same issue unfortunately.
Here's the output from my openvpn server log:
I believe the issue is identified here:
Something is making it use my username as the OTP?
pam_yubico version: 2.26
OS: Amazon Linux 2 (4.14.232-177.418.amzn2.aarch64)
LDAP: OpenLDAP 2.x
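Added example, not part of the original issue and not code from pam_yubico or OpenVPN: a diagnostic helper that splits the password field for the two prompt layouts described above, so you can check which value would reach the OTP check. It assumes OpenVPN's documented static-challenge encoding (`SCRV1:<base64 password>:<base64 response>`) and the default 44-character Yubico OTP; the function names and sample values are constructed.

```python
import base64
import re

MODHEX = "cbdefghijklnrtuv"          # alphabet used by Yubico OTPs
OTP_LEN = 44                          # assumed default: 12-char public ID + 32 chars
OTP_RE = re.compile(rf"[{MODHEX}]{{{OTP_LEN}}}")


def b64(text):
    """Base64-encode a string the way the client does for SCRV1."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def split_credential(field):
    """Return (ldap_password, otp) from the OpenVPN password field."""
    if field.startswith("SCRV1:"):
        # static-challenge layout: separate password and OTP prompts
        parts = field.split(":")
        if len(parts) != 3:
            raise ValueError("malformed SCRV1 field")
        try:
            password = base64.b64decode(parts[1], validate=True).decode("utf-8")
            otp = base64.b64decode(parts[2], validate=True).decode("utf-8")
        except ValueError as exc:     # covers bad base64 and bad UTF-8
            raise ValueError("malformed SCRV1 field") from exc
    else:
        # single-prompt layout: password immediately followed by the OTP
        if len(field) < OTP_LEN:
            raise ValueError("field too short to contain an OTP")
        password, otp = field[:-OTP_LEN], field[-OTP_LEN:]
    if not OTP_RE.fullmatch(otp):
        # e.g. a username or LDAP password ended up in the OTP slot
        raise ValueError("OTP is not %d modhex characters" % OTP_LEN)
    return password, otp


def demo():
    """Run both layouts over constructed sample values."""
    otp = "c" * 12 + "bdefghijklnrtuv" * 2 + "bd"   # constructed, not a real OTP
    password = "correct horse"                       # constructed
    scrv1 = "SCRV1:%s:%s" % (b64(password), b64(otp))
    return split_credential(scrv1), split_credential(password + otp)


if __name__ == "__main__":
    print(demo())
```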