Open akha666 opened 5 years ago
With this change, only the main streisand username / password is required to connect. Where did the certificate authentication go?
Edit: Looks like when using OpenConnect through Shimo, Shimo just refuses to do certificate authentication against Streisand ocsserv, even when configured to do so. And because of the "acct = pam" line in the configuration file, user/password authentication fails by default.
How to log into the Digital Ocean droplet to change the conf file? Since the droplet was created by ansible.
How to log into the Digital Ocean droplet to change the conf file? Since the droplet was created by ansible.
follow this link https://www.digitalocean.com/docs/droplets/how-to/connect-with-ssh/ and use your generated private key for streisand. the default user name is root.
Hello,
I'm still unable to connect via openconnect by commenting this line "acct=pam". Please can someone assist? Thanking in advance.
EDIT: rebooting the server, was able to connect
I had the same issue. Commenting out 'acct=pam' in /etc/ocserv/ocserv.conf solved the problem. sudo systemctl restart ocserv
instead of a reboot was enough.
My client was openconnect on a Ubuntu 18.04 box.
I had the same issue. Commenting out 'acct=pam' in /etc/ocserv/ocserv.conf solved the problem.
sudo systemctl restart ocserv
instead of a reboot was enough. My client was openconnect on a Ubuntu 18.04 box.
+1
Thank you @akha666 , this solved the issue for me as well. I tried to connect from a PC running Archlinux and I was not able to connect either via command line nor with the NetworkManager openconnect plug-in.
From the ocserv manual I understand that the setting acct = pam
is useful when the openconnect user is a local user on the server. Streisand does not create a streisand
user in /etc/passwd
, at least on my installation.
With this change, only the main streisand username / password is required to connect. Where did the certificate authentication go?
@the-darkvoid Where are the instructions for certificate authentication you mentioned? In the Streisand Gateway pages I only see user and password for openconnect...
I just skipped the first part of documentation! My bad! I found the certificates and I can confirm that connection does work with certificates and acct = pam
commented.
Hello, I've got an issue with OpenConnect after the Streisand deployed with DigitalOcean. Error establishing the CSTP channel Disconnected
I disabled "acct = pam" in /etc/ocserv/ocserv.conf, now the OpenConnect-GUI can connect to the server
Ansible Information
Streisand Information
Enabled Roles