Question about OPENVPN login using USERNAME/PASSWORD (urgent)

火星人 @ 2014-03-04 , reply:0

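I configured it following the article "OpenVPN Login with User-Pass Authentication", and the relevant tests have all passed, but on the WIN client side the prompt for the account and password keeps popping up and the connection cannot be established. The relevant logs are below; could you all please take a look? Thanks!
The server configuration is as follows: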
;local 192.168.18.1
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 192.168.228.0 255.255.255.0
;server 219.229.144.32 255.255.255.224
ifconfig-pool-persist ipp.txt
push "route 192.168.17.0 255.255.255.0"
;push "route 211.80.184.0 255.255.248.0"
;push "route 210.34.192.0 255.255.248.0"
;push "route 219.229.144.0 255.255.248.0"
;push "route 218.6.67.0 255.255.255.0"
push "dhcp-option DNS 211.80.184.1"
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
plugin /etc/openvpn/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log        /var/log/openvpn.log
;log-append  openvpn.log
verb 4
;mute 20

The client configuration is as follows:
client
;dev tap
dev tun
;proto tcp
proto udp
remote 211.80.189.18 1194
;remote my-server-2 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
tls-auth ta.key 1
;route 192.168.0.0 255.255.252.0
comp-lzo
verb 4
;mute 20

The contents of /var/log/openvpn.log are as follows:
......
Tue Apr  3 22:43:17 2007 us=385399 211.80.191.3:1704 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Apr  3 22:43:18 2007 us=18220 211.80.191.3:1704 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Tue Apr  3 22:43:18 2007 us=18283 211.80.191.3:1704 [] Peer Connection Initiated with 211.80.191.3:1704
Tue Apr  3 22:43:19 2007 us=47236 211.80.191.3:1704 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr  3 22:43:19 2007 us=47312 211.80.191.3:1704 SENT CONTROL : 'AUTH_FAILED' (status=1)
Tue Apr  3 22:43:19 2007 us=47331 211.80.191.3:1704 Delayed exit in 5 seconds
Tue Apr  3 22:43:24 2007 us=564958 211.80.191.3:1704 SIGTERM received, client-instance exiting
Wed Apr  4 09:51:12 2007 us=847802 MULTI: multi_create_instance called
Wed Apr  4 09:51:12 2007 us=847889 211.80.189.253:1935 Re-using SSL/TLS context
Wed Apr  4 09:51:12 2007 us=847930 211.80.189.253:1935 LZO compression initialized
Wed Apr  4 09:51:12 2007 us=848032 211.80.189.253:1935 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Apr  4 09:51:12 2007 us=848055 211.80.189.253:1935 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Apr  4 09:51:12 2007 us=848112 211.80.189.253:1935 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Apr  4 09:51:12 2007 us=848129 211.80.189.253:1935 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Apr  4 09:51:12 2007 us=848159 211.80.189.253:1935 Local Options hash (VER=V4): '14168603'
Wed Apr  4 09:51:12 2007 us=848184 211.80.189.253:1935 Expected Remote Options hash (VER=V4): '504e774e'
Wed Apr  4 09:51:12 2007 us=848231 211.80.189.253:1935 TLS: Initial packet from 211.80.189.253:1935, sid=0451cfb9 98c5c338
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER/PASS: lt/lt
AUTH-PAM: BACKGROUND: my_conv query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'lt' failed to authenticate: Permission denied
Wed Apr  4 09:51:15 2007 us=505550 211.80.189.253:1935 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Apr  4 09:51:15 2007 us=505580 211.80.189.253:1935 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-pam.so
Wed Apr  4 09:51:15 2007 us=505605 211.80.189.253:1935 TLS Auth Error: Auth Username/Password verification failed for peer
Wed Apr  4 09:51:15 2007 us=527932 211.80.189.253:1935 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Apr  4 09:51:15 2007 us=527971 211.80.189.253:1935 [] Peer Connection Initiated with 211.80.189.253:1935
Wed Apr  4 09:51:16 2007 us=790633 211.80.189.253:1935 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr  4 09:51:16 2007 us=790708 211.80.189.253:1935 SENT CONTROL : 'AUTH_FAILED' (status=1)
Wed Apr  4 09:51:16 2007 us=790728 211.80.189.253:1935 Delayed exit in 5 seconds
Wed Apr  4 09:51:21 2007 us=105403 211.80.189.253:1935 SIGTERM received, client-instance exiting
《Solution》

AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER/PASS: lt/lt
AUTH-PAM: BACKGROUND: my_conv query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'lt' failed to authenticate: Permission denied

Check whether there is a problem with PAM.
《Solution》

I tested with the following command and it works fine:
# testsaslauthd -u lt -p lt -s openvpn
0: OK "Success."
《Solution》

It seems that plugin ./openvpn-auth-pam.so openvpn cannot call the MYSQL database.
《Solution》

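Reply to 2# wenzk
Hello, I have run into a similar problem. I am using openvpn+pam+ldap for authentication. When the client tries to connect, it keeps prompting for the username and password over and over, and the log contains messages like this: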
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: wangpo
AUTH-PAM: BACKGROUND: my_conv query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'wangpo' failed to authenticate: User not known to the underlying authentication module

Does anyone have any ideas?
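
Added example, not part of any post in this thread: a small Python triage script for the AUTH-PAM lines quoted above. It groups the plugin's lines into one record per verification attempt, maps the PAM error text to its Linux-PAM return code, flags attempts where the password was written to the log in clear text (as in `USER/PASS: lt/lt`), and masks it. The assumption that each attempt starts with `received command code: 0` is taken from the quoted logs; the function names are hypothetical.

```python
import re

# Sample assembled from the log lines quoted in this thread (both posters).
SAMPLE = """\
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER/PASS: lt/lt
AUTH-PAM: BACKGROUND: user 'lt' failed to authenticate: Permission denied
Wed Apr  4 09:51:15 2007 us=505550 211.80.189.253:1935 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: wangpo
AUTH-PAM: BACKGROUND: user 'wangpo' failed to authenticate: User not known to the underlying authentication module
""".splitlines()

CRED = re.compile(r"AUTH-PAM: BACKGROUND: USER(/PASS)?: (.*)$")
FAIL = re.compile(r"AUTH-PAM: BACKGROUND: user '(.*)' failed to authenticate: (.*)$")
PEER = re.compile(r"(\d+(?:\.\d+){3}:\d+) PLUGIN_CALL: POST \S+PLUGIN_AUTH_USER_PASS_VERIFY status=\d+")
# Linux-PAM pam_strerror() texts mapped back to their return codes.
PAM_CODES = {
    "Permission denied": "PAM_PERM_DENIED",
    "Authentication failure": "PAM_AUTH_ERR",
    "User not known to the underlying authentication module": "PAM_USER_UNKNOWN",
}

def redact(line):
    """Mask the secret in a 'USER/PASS: name/secret' line; other lines pass through."""
    m = CRED.search(line)
    if not m or not m.group(1):
        return line
    return line[:m.start(2)] + m.group(2).split("/", 1)[0] + "/[redacted]"

def triage(lines):
    """Group AUTH-PAM lines into one record per verification attempt."""
    events, cur = [], {}  # lines seen before the first attempt land in a throwaway dict
    for line in lines:
        if "AUTH-PAM: BACKGROUND: received command code: 0" in line:
            cur = {"user": None, "password_logged": False, "pam_code": None, "peer": None}
            events.append(cur)
        elif m := CRED.search(line):
            cur["password_logged"] = bool(m.group(1))
            cur["user"] = m.group(2).split("/", 1)[0] if m.group(1) else m.group(2)
        elif m := FAIL.search(line):
            cur["user"] = m.group(1)
            cur["pam_code"] = PAM_CODES.get(m.group(2).strip(), "unmapped: " + m.group(2))
        elif (m := PEER.search(line)) and cur.get("peer") is None:
            cur["peer"] = m.group(1)
    return events

if __name__ == "__main__":
    print(triage(SAMPLE), redact(SAMPLE[1]), sep="\n")
```

Neither failure in this thread maps to `PAM_AUTH_ERR` ("Authentication failure"); the first log yields `PAM_PERM_DENIED` and the second `PAM_USER_UNKNOWN`.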


   





http://www.coctec.com/docs/service/show-post-12421.html