User authentication problems at OpenVPN on ArchLinux




Good day everyone.

I'm facing a weird problem with my VPN. It fails to authenticate users even though the entered password is correct (copied and pasted).

OpenVPN (version 2.5.0 on ArchLinux) itself is managed by systemd and runs fine. I'm using OpenVPN's auth-pam plugin to authenticate users. You will find the configuration and log files below.

When trying to log in, I get "User authentication failed" at my client and the following log output. The user was created with useradd and is able to log in with ssh as well.

There is no pam config for openvpn in /etc/pam.d. But it worked before without it.

Does anyone have an idea on how to fix this or how to debug pam properly?

journalctl -r|grep username
===========================
Dec 26 13:42:41 hostname kernel: audit: type=1100 audit(1608986561.263:1183): pid=678 uid=973 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="username" exe="/usr/bin/openvpn" hostname=? addr=? terminal=? res=failed'

Dec 26 13:42:41 hostname audit[678]: USER_AUTH pid=678 uid=973 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="username" exe="/usr/bin/openvpn" hostname=? addr=? terminal=? res=failed'

Dec 26 13:42:41 hostname openvpn[678]: pam_unix(login:auth): authentication failure; logname= uid=973 euid=973 tty= ruser= rhost= user=username

Dec 26 13:42:41 hostname unix_chkpwd[4160]: password check failed for user (username)

/var/log/openvpn.log
====================
ip-addr [username] Peer Connection Initiated with [AF_INET6]ip-addr:52991
ip-addr PUSH: Received control message: 'PUSH_REQUEST'
ip-addr Delayed exit in 5 seconds
ip-addr SENT CONTROL [username]: 'AUTH_FAILED' (status=1)
ip-addr SIGTERM[soft,delayed-exit] received, client-instance exiting

server.conf
===========
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
port 1194

persist-key
persist-tun

proto udp
proto udp6

dev tun

ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/manmtr.crt
key /etc/openvpn/easy-rsa/pki/private/manmtr.key
dh /etc/openvpn/easy-rsa/pki/dh.pem

data-ciphers AES-256-GCM
;cipher AES-256-CBC
auth SHA512
reneg-sec 36000
inactive 0

server 192.168.200.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"

keepalive 10 36000

status openvpn-status.log

log /var/log/openvpn.log

verb 4

--
Jordan Borgner


