Help google authenticator + local unix authentication

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
berveglieri
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 02, 2017 3:32 pm

Help google authenticator + local unix authentication

Post by berveglieri » Mon Oct 02, 2017 3:48 pm

Hello experts,

I'm trying to configure google authenticator with linux local users database for 3 days already and keep failling.

i have configured openvpn + LDAP + certificate successfully. But when i try to add google authenticator even for local users in passwd/shadow i got this logs.

Code: Select all

Oct  2 12:26:40 openvpn openvpn(pam_google_authenticator)[1168]: Accepted google_authenticator for linus
Oct  2 12:26:40 openvpn openvpn(pam_google_authenticator)[1372]: Failed to change user id to "linus"
Oct  2 12:26:40 openvpn perl[1372]: pam_unix(openvpn:auth): auth could not identify password for [linus]
my /etc/pam.d/openvpn

Code: Select all

auth required pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass
when i use pamtester everything works very well but when i try to connect from client i got this errors about pam modules.

I can see it accepts google authenticator code but fails to get the local user and i dont know why.

Can someone give me a light?

thanks in advance.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Help google authenticator + local unix authentication

Post by TiTex » Tue Oct 03, 2017 4:58 am

auth required pam_google_authenticator.so forward_pass
auth required pam_unix.so use_first_pass

are you trying to login through the/a GUI ?
I would try with something like

Code: Select all

auth required pam_unix.so use_first_pass
auth required pam_google_authenticator.so
from a terminal/cmd prompt see if that works

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Help google authenticator + local unix authentication

Post by TiTex » Tue Oct 03, 2017 9:50 am

actually... ignore the message i've posted above , seems like openvpn does not prompt you separately for the OTP Token like ssh (not by default) does

Post Reply