FreeIPA 4.5.4 + OpenVPN 2.4.6 + OTP
Posted: Mon Nov 12, 2018 1:40 pm
Hello everyone,
I'm not sure if I am in the correct forum or not. But, I hope I am. Anyway, I am trying to get OTP to work the openvpn using FreeIPA for user account management. Has anyone ever set this up before?
I have tried a multitude of things with the openvpn pam shared object:
plugin openvpn-plugin-auth-pam.so "openvpn" (combining password+otp in one line)
plugin openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD" (combining passowrd+otp in one line)
plugin openvpn-plugin-auth-pam.so "openvpn login USERNAME 'First Factor' PASSWORD 'Second Factor' OTP" (setting static-challeng in client.conf)
If I remove otp from the user account, I can login just fine. Just trying to wrap my head around the plugin so that it will work with FreeIPA OTP enabled accounts.
Any help is greatly appreciated.
I'm not sure if I am in the correct forum or not. But, I hope I am. Anyway, I am trying to get OTP to work the openvpn using FreeIPA for user account management. Has anyone ever set this up before?
I have tried a multitude of things with the openvpn pam shared object:
plugin openvpn-plugin-auth-pam.so "openvpn" (combining password+otp in one line)
plugin openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD" (combining passowrd+otp in one line)
plugin openvpn-plugin-auth-pam.so "openvpn login USERNAME 'First Factor' PASSWORD 'Second Factor' OTP" (setting static-challeng in client.conf)
If I remove otp from the user account, I can login just fine. Just trying to wrap my head around the plugin so that it will work with FreeIPA OTP enabled accounts.
Any help is greatly appreciated.