Community Forum

Resolved
0 votes
Hi,

Having troubles connecting OpenVPN clients to the server. I am getting AUTH_FAILED error.
I see some conversations on this topic, but no solutions.

My situation:

- ClearOS7.2 Business
- Generated 20 users
- Samba installed
- OpenVPN installed
- OpenVPN client installed following the ClearOS tutorial (config and keys copied to client, connecting from remote location, asked for password, then AUTH_FAILED error)

Client side log:
...
Mon Oct 09 11:06:40 2017 MANAGEMENT: >STATE:1507540000,GET_CONFIG,,,,,,
Mon Oct 09 11:06:40 2017 SENT CONTROL [clearos72.ravel.hr]: 'PUSH_REQUEST' (status=1)
Mon Oct 09 11:06:40 2017 AUTH: Received control message: AUTH_FAILED
Mon Oct 09 11:06:40 2017 SIGUSR1[soft,auth-failure] received, process restarting
Mon Oct 09 11:06:40 2017 MANAGEMENT: >STATE:1507540000,RECONNECTING,auth-failure,,,,,
Mon Oct 09 11:06:40 2017 Restart pause, 5 second(s)
Mon Oct 09 11:06:53 2017 MANAGEMENT: Client disconnected
Mon Oct 09 11:06:53 2017 ERROR: could not read Auth username/password/ok/string from management interface
Mon Oct 09 11:06:53 2017 Exiting due to fatal error

Server side log:
Oct 9 13:09:21 clearos72 openvpn: pam_unix(openvpn:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=bfranc
Oct 9 13:09:21 clearos72 openvpn: pam_ldap(openvpn:auth): Authentication failure; user=bfranc

Automatic OpenVPN settings used, no modifications made.
Users login into web gui successfully (download VPN config and keys) and connect to samba shared drives successfully.

Can You help with this issue?

Regards to all!
In OpenVPN
Tuesday, October 10 2017, 09:00 AM
Share this post:

Accepted Answer

Tuesday, October 10 2017, 11:43 AM - #Permalink
Resolved
1 votes
Have you by any chance set a password policy in the directory manager app?

Can you also just verify connections work without user/pass authentication by commenting out the auth-user-pass line in the ovpn file and also the "plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn" line in /etc/clients.conf, then restart OpenVPN? You should find you can get a connection without being prompted for a user/pass.
The reply is currently minimized Show
Responses (2)
  • Accepted Answer

    Tuesday, October 10 2017, 03:36 PM - #Permalink
    Resolved
    0 votes
    This is an obscure bug which turned up recently. From memory, if you want a password policy you can have it but, after you enable the password policy, you need to go into /etc/nlscd.conf and switch the last two blocks of parameters round.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, October 10 2017, 02:58 PM - #Permalink
    Resolved
    0 votes
    Hi,

    The password policy was set. I turned it off now, and it's working. Clients login from OpenVPN successfully.

    Policies
    Publish Policy Local Network
    Accounts Access Disabled

    I didn't edit the clients.conf file as suggested above as the first idea fixed the issue.

    Thanks for the response!
    The reply is currently minimized Show
Your Reply