AUTH-PAM: BACKGROUND: user 'zhonghb' failed to authenticate: Permission denied

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kason
OpenVpn Newbie
Posts: 1
Joined: Tue Jul 03, 2018 11:00 am

AUTH-PAM: BACKGROUND: user 'zhonghb' failed to authenticate: Permission denied

Post by kason » Tue Jul 03, 2018 11:43 am

use openvpn-auth-pam.so and mysql for openvpn'user login.


Suddenly a client connection.

clientlog:
Tue Jul 03 18:11:45 2018 Restart pause, 5 second(s)
Tue Jul 03 18:41:53 2018 MANAGEMENT: CMD 'username "Auth" "zhonghb"'
Tue Jul 03 18:41:53 2018 MANAGEMENT: CMD 'password [...]'
Tue Jul 03 18:41:53 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]118.8.4.41:6789
Tue Jul 03 18:41:53 2018 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jul 03 18:41:53 2018 Attempting to establish TCP connection with [AF_INET]118.8.4.41:6789 [nonblock]
Tue Jul 03 18:41:53 2018 MANAGEMENT: >STATE:1530614513,TCP_CONNECT,,,,,,
Tue Jul 03 18:41:54 2018 TCP connection established with [AF_INET]118.8.4.41:6789
Tue Jul 03 18:41:54 2018 TCP_CLIENT link local: (not bound)
Tue Jul 03 18:41:54 2018 TCP_CLIENT link remote: [AF_INET]118.8.4.41:6789
Tue Jul 03 18:41:54 2018 MANAGEMENT: >STATE:1530614514,WAIT,,,,,,
Tue Jul 03 18:41:54 2018 MANAGEMENT: >STATE:1530614514,AUTH,,,,,,
Tue Jul 03 18:41:54 2018 TLS: Initial packet from [AF_INET]118.8.4.41:6789, sid=35ff126f a26d6444
Tue Jul 03 18:41:54 2018 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=ca, name=EasyRSA, emailAddress=me@myhost.mydomain
Tue Jul 03 18:41:54 2018 VERIFY KU OK
Tue Jul 03 18:41:54 2018 Validating certificate extended key usage
Tue Jul 03 18:41:54 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 03 18:41:54 2018 VERIFY EKU OK
Tue Jul 03 18:41:54 2018 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=me@myhost.mydomain
Tue Jul 03 18:41:54 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jul 03 18:41:54 2018 [server] Peer Connection Initiated with [AF_INET]118.8.4.41:6789
Tue Jul 03 18:41:55 2018 MANAGEMENT: >STATE:1530614515,GET_CONFIG,,,,,,
Tue Jul 03 18:41:55 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jul 03 18:41:56 2018 AUTH: Received control message: AUTH_FAILED
Tue Jul 03 18:41:56 2018 SIGUSR1[soft,auth-failure] received, process restarting
Tue Jul 03 18:41:56 2018 MANAGEMENT: >STATE:1530614516,RECONNECTING,auth-failure,,,,,
Tue Jul 03 18:41:56 2018 Restart pause, 5 second(s)

openvpn.log:
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 peer info: IV_TCPNL=1
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 peer info: IV_GUI_VER=OpenVPN_GUI_11
Can't initialize threads: error 11
AUTH-PAM: BACKGROUND: user 'zhonghb' failed to authenticate: Permission denied
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 PLUGIN_CALL: POST /etc/openvpn/script/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/script/openvpn-auth-pam.so
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
Tue Jul 3 18:41:54 2018 218.17.160.187:51527 Peer Connection Initiated with [AF_INET]21.17.160.187:51527
0Tue Jul 3 18:41:55 2018 218.17.160.187:51527 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jul 3 18:41:55 2018 218.17.160.187:51527 Delayed exit in 5 seconds
Tue Jul 3 18:41:55 2018 218.17.160.187:51527 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Tue Jul 3 18:41:55 2018 218.17.160.187:51527 Connection reset, restarting [0]
Tue Jul 3 18:41:55 2018 218.17.160.187:51527 SIGUSR1[soft,connection-reset] received, client-instance restarting

server.conf:
plugin /etc/openvpn/script/openvpn-auth-pam.so /etc/pam.d/openvpn
management localhost 7505
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh

[root@VM_101_41_centos openvpn]# cat /etc/pam.d/openvpn
auth sufficient /lib/security/pam_mysql.so user=vpn passwd=vpn host=localhost port=3306 db=openvpn table=USERS usercolumn=USERNAME passwdcolumn=PASSWORD where=ACTIVE=1 sqllog=0 crypt=0
account required /lib/security/pam_mysql.so user=vpn passwd=vpn host=localhost port=3306 db=openvpn table=USERS usercolumn=USERNAME passwdcolumn=PASSWORD where=ACTIVE=1 sqllog=0 crypt=0

but,i test pam is ok.
[root@VM_101_41_centos openvpn]# testsaslauthd -u zhonghb -p Aa_111111 -s openvpn
0: OK "Success."


I suspect the openvpn's openvpn-auth-pam.so plugin problem, how can I solve this problem?
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: AUTH-PAM: BACKGROUND: user 'zhonghb' failed to authenticate: Permission denied

Post by TinCanTech » Tue Jul 03, 2018 12:07 pm

kason wrote:
Tue Jul 03, 2018 11:43 am
 use openvpn-auth-pam.so and mysql for openvpn'user login
I do not know how you would use mysql ..

This module will only work on *nix systems which support PAM, not Windows.

See: https://github.com/OpenVPN/openvpn/tree ... s/auth-pam
Top
Post Reply

Return to “Server Administration”