Dual-auth (LDAP + OTP)

Scripts which allow the use of special authentication methods (LDAP, AD, MySQL/PostgreSQL, etc).

Moderators: TinCanTech

beepmeep
OpenVpn Newbie
Posts: 2
Joined: Thu Apr 05, 2018 2:46 pm

Dual-auth (LDAP + OTP)

Post by beepmeep » Thu Apr 05, 2018 2:46 pm

Hi,
I'm having some issues getting OpenVPN to work using both LDAP login and a TOTP token and hoping someone else has a solution that works.

What I've tried:
Using plugins openvpn-auth-ldap with openvpn-otp with challenge/response. This works, except that I can't get gnome-network-manager-openvpn to prompt for the challenge/response key in the GUI (which is necessary for my Linux Mint users) - it works perfectly for Windows, though.

Recently I tried using openvpn-plugin-auth-pam with openvpn-auth-ldap, so that users would type their password+otpkey in a single string, but the issue with auth-ldap is that it doesn't filter out the last 6 digits from the password and it's being rejected in the LDAP plugin. This only works with a local user database :(

If anyone has any solutions or suggestions, I'd love to hear from you.

Thanks in advance,
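
The single-string approach described in the post above, as an added example that is not part of the original thread or of any of the plugins named in it: split the last 6 digits off the submitted password, check them as a TOTP code, and send only the remaining password to LDAP. The names `verify`, `split_credential`, `demo_ldap_bind` and the sample user data are hypothetical; a 30-second HMAC-SHA1 TOTP (RFC 6238) is assumed, and `ldap_bind` stands in for a real LDAP simple bind.

```python
import base64, hashlib, hmac, struct, time

OTP_DIGITS = 6   # the "last 6 digits" from the post
STEP = 30        # assumed TOTP time step in seconds (RFC 6238 default)

def totp(secret_b32, at):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", max(int(at), 0) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)

def split_credential(combined):
    """Split 'password' + 'otp' into (password, otp); None if malformed."""
    password, otp = combined[:-OTP_DIGITS], combined[-OTP_DIGITS:]
    if not password or len(otp) != OTP_DIGITS:
        return None
    if not (otp.isascii() and otp.isdigit()):
        return None
    return password, otp

def verify(username, combined, otp_secrets, ldap_bind, now=None, window=1):
    """True only if the OTP is valid and LDAP accepts the stripped password."""
    now = time.time() if now is None else now
    parts = split_credential(combined)
    secret = otp_secrets.get(username)
    if parts is None or secret is None:
        return False
    password, otp = parts
    # Accept +/- `window` time steps for clock drift; constant-time compare.
    otp_ok = any(hmac.compare_digest(totp(secret, now + i * STEP), otp)
                 for i in range(-window, window + 1))
    # Only the password without the OTP suffix is sent to the directory.
    return otp_ok and ldap_bind(username, password)

# Constructed sample data: the secret is the RFC 6238 test key in base32.
DEMO_SECRETS = {"alice": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}
DEMO_DIRECTORY = {"alice": "hunter2"}

def demo_ldap_bind(username, password):
    """Hypothetical stand-in for a real LDAP simple bind."""
    return hmac.compare_digest(DEMO_DIRECTORY.get(username, ""), password)

if __name__ == "__main__":
    combined = "hunter2" + totp(DEMO_SECRETS["alice"], time.time())
    print(verify("alice", combined, DEMO_SECRETS, demo_ldap_bind))
```

A script run by OpenVPN's `auth-user-pass-verify <script> via-file` would read the username and password from the two lines of the file it is given and exit 0 or 1 on the result of `verify`.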

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Dual-auth (LDAP + OTP)

Post by TinCanTech » Thu Apr 05, 2018 4:59 pm

The problem is network-manager .. especially on Linux Mint ..

beepmeep
OpenVpn Newbie
Posts: 2
Joined: Thu Apr 05, 2018 2:46 pm

Re: Dual-auth (LDAP + OTP)

Post by beepmeep » Fri Apr 06, 2018 7:10 am

Thanks, but I'm aware of where the problems lie; I'm looking for solutions to make this work in the GUI ;)
