I don't know - you haven't provided any logs or further information. My guess is that you haven't read the README. You need to set up MFA for a user and then append the OTP to the password when logging in: https://github.com/wheelybird/openvpn-server-ldap-otp?tab=readme-ov-file#using-otp
I can also see that you haven't changed the volume path to somewhere suitable on the host. Change `--volume /path/on/host:/etc/openvpn` to something useful like `--volume /opt/openvpn-otp:/etc/openvpn`
If you have set up MFA already then you can debug authentication by execing into the container and using pamtester, as follows:

- You'll need to get a shell in the existing container: `docker exec -ti {container name} bash`
- Now install some packages: `apt-get install -y pamtester psmisc`
- Kill the existing nslcd process: `killall nslcd`
- Start a new background process with debugging enabled: `nslcd -d &`
- Now you can run pamtester: `pamtester openvpn {your username} authenticate`
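The "append the OTP to the password" behaviour from the reply above, as an added Python sketch that is not part of the thread or of the project's code. It assumes a standard RFC 6238 TOTP (6 digits, 30-second step, HMAC-SHA1), which the page does not state; the secret, the password and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time

DIGITS = 6   # assumed OTP length
STEP = 30    # assumed time step in seconds
# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890"
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, now=None):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32-encoded secret."""
    key = base64.b32decode(secret_b32.upper())
    counter = int((time.time() if now is None else now) // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def split_credential(submitted):
    """Split 'password + OTP' into (password, code); None if no trailing code."""
    code = submitted[-DIGITS:]
    if len(submitted) <= DIGITS or not (code.isascii() and code.isdigit()):
        return None
    return submitted[:-DIGITS], code

def check_login(submitted, directory_password, secret_b32, now=None):
    """Return a reason string so a failed login can be diagnosed."""
    parts = split_credential(submitted)
    if parts is None:
        return "rejected: no OTP appended"
    password, code = parts
    if not hmac.compare_digest(code.encode(), totp(secret_b32, now).encode()):
        return "rejected: wrong or expired OTP"
    if not hmac.compare_digest(password.encode(), directory_password.encode()):
        return "rejected: wrong password"
    return "accepted"

if __name__ == "__main__":
    pw = "hunter2pass"                           # constructed sample password
    print(check_login(pw, pw, SECRET, now=59))                    # password only
    print(check_login(pw + totp(SECRET, 59), pw, SECRET, now=59)) # password + OTP
```

With OTP enabled, the password-only submission is rejected even though the directory password is correct, which matches the symptom reported in the issue.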
Hello, @wheelybird
If I set "ENABLE_OTP=true", LDAP user authentication fails; if I do not set "ENABLE_OTP=true", LDAP user authentication succeeds.
So why does setting OTP fail?
My docker container:

```
docker run \
  --name openvpn \
  --volume /path/on/host:/etc/openvpn \
  --detach=true \
  --restart=always \
  -p 1194:1194/udp \
  -e "OVPN_SERVER_CN=ldap.moon.com" \
  -e "LDAP_URI=ldap://192.168.100.10:389" \
  -e "LDAP_TLS_VALIDATE_CERT=false" \
  -e "LDAP_BASE_DN=dc=moon,dc=com" \
  -e "LDAP_BIND_USER_DN=cn=admin,dc=moon,dc=com" \
  -e "LDAP_BIND_USER_PASS=xxyyzzaabbc" \
  -e "LOG_TO_STDOUT=false" \
  -e "OVPN_ROUTES=172.17.0.0 255.255.0.0" \
  -e "OVPN_NAT=false" \
  -e "OVPN_DNS_SERVERS=8.8.8.8" \
  -e "ENABLE_OTP=true" \
  --cap-add=NET_ADMIN \
  wheelybird/openvpn-ldap-otp:v1.8
```
thanks