Closed zhaowei2021 closed 2 years ago
ok? This needs way more information, such as config (both PAM and openvpn), and how password was entered. And debug logs.
好的?这需要更多的信息,例如配置(PAM 和 openvpn)以及如何输入密码。和调试日志。
My openvpn server.conf: local 10.0.4.138 port 1194 proto udp dev tun topology subnet ca keys/ca.crt cert keys/server.crt key keys/server.key dh keys/dh2048.pem tls-auth keys/ta.key 0 server 172.16.251.0 255.255.255.0 push "route 10.8.0.0 255.255.0.0" keepalive 10 120 comp-lzo persist-key persist-tun cipher AES-256-CBC verb 3 status logs/openvpn-status.log log logs/openvpn.log log-append logs/openvpn.log plugin /opt/openvpn/openvpn-auth-pam.so "openvpn login USERNAME password PASSWORD pin OTP" reneg-sec 0 username-as-common-name
client.conf: client dev tun proto udp remote 10.0.4.138 1194 resolv-retry infinite remote-random nobind persist-key persist-tun ca ca.crt cipher AES-256-CBC auth-user-pass auth-nocache remote-cert-tls server comp-lzo static-challenge "Enter Google Authenticator Token" 1 reneg-sec 0
pam conf: auth required pam_google_authenticator.so user=root secret=/export/data/google_auth/${USER} authtok_prompt=pin auth [success=1 default=ignore] pam_unix.so nullok_secure
Thanks
好的?这需要更多的信息,例如配置(PAM 和 openvpn)以及如何输入密码。和调试日志。
/var/log/secure Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: debug: start of google_authenticator for "zhaowei" Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: debug: Secret file permissions are 0600. Allowed permissions are 0600 Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: debug: "/export/data/google_auth/zhaowei" read Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: debug: shared secret in "/export/data/google_auth/zhaowei" processed Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: debug: google_authenticator for host "(null)" Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: Invalid verification code for zhaowei Aug 6 15:40:27 localhost openvpn(pam_google_auth)[14219]: debug: end of google_authenticator for "zhaowei". Result: Authentication failure Aug 6 15:40:27 localhost openvpn[14219]: pam_unix(openvpn:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=zhaowei