
IF uses OTP,LDAP authentication fails #85

Open
skysungod007 opened this issue Jun 14, 2024 · 2 comments

Comments

@skysungod007

Hello, @wheelybird
If I set "ENABLE_OTP=true", LDAP authentication fails; if I don't set "ENABLE_OTP=true", LDAP authentication succeeds.
So why does the OTP setting fail?

My docker container (line continuations added so the command runs as one invocation):
docker run \
  --name openvpn \
  --volume /path/on/host:/etc/openvpn \
  --detach=true \
  --restart=always \
  -p 1194:1194/udp \
  -e "OVPN_SERVER_CN=ldap.moon.com" \
  -e "LDAP_URI=ldap://192.168.100.10:389" \
  -e "LDAP_TLS_VALIDATE_CERT=false" \
  -e "LDAP_BASE_DN=dc=moon,dc=com" \
  -e "LDAP_BIND_USER_DN=cn=admin,dc=moon,dc=com" \
  -e "LDAP_BIND_USER_PASS=xxyyzzaabbc" \
  -e "LOG_TO_STDOUT=false" \
  -e "OVPN_ROUTES=172.17.0.0 255.255.0.0" \
  -e "OVPN_NAT=false" \
  -e "OVPN_DNS_SERVERS=8.8.8.8" \
  -e "ENABLE_OTP=true" \
  --cap-add=NET_ADMIN \
  wheelybird/openvpn-ldap-otp:v1.8

thanks

@wheelybird
Owner

I don't know - you haven't provided any logs or further information. My guess is that you haven't read the README. You need to set up MFA for a user and then append the OTP to the password when logging in: https://github.com/wheelybird/openvpn-server-ldap-otp?tab=readme-ov-file#using-otp
I can also see that you haven't changed the volume path to somewhere suitable on the host. Change --volume /path/on/host:/etc/openvpn to something useful like --volume /opt/openvpn-otp:/etc/openvpn

If you have set up MFA already then you can debug authentication by execing into the container and using pamtester, as follows:

You'll need to get a shell in the existing container: docker exec -ti {container name} bash
Now install some packages: apt-get install -y pamtester psmisc
Kill the existing nslcd process: killall nslcd
Start a new background process with debugging enabled: nslcd -d &
Now you can run pamtester: pamtester openvpn {your username} authenticate

@skysungod007
Author

Thanks, I'll try it.
