Hi,
We are using libpam google authenticator to authenticate openvpn users on a Ubuntu 18.04 server. Since last month while creating new users they were not able to authenticate via MFA code. All the existing users are not affected only new users are affected. The gauth user password was found expired last month, I think the issue started after that. Tested authentication with Pamtester and getting the same for new users. Any solution to this problem.
I'm attaching the audit log
pam_unix(su:session): session opened for user gauth by root(uid=0)
bastion su[30012]: pam_sss(su:session): Request to sssd failed. Connection refused
pam_systemd(su:session): Cannot create session: Already running in a session
bastion su[30012]: pam_unix(su:session): session closed for user gauth
bastion su[30012]: pam_sss(su:session): Request to sssd failed. Connection refused
bastion openvpn(pam_google_authenticator)[30089]: Invalid verification code for new_user
bastion pamtester[30089]: pam_unix(openvpn:auth): auth could not identify password for [new_user]
Hi, We are using libpam google authenticator to authenticate openvpn users on a Ubuntu 18.04 server. Since last month while creating new users they were not able to authenticate via MFA code. All the existing users are not affected only new users are affected. The gauth user password was found expired last month, I think the issue started after that. Tested authentication with Pamtester and getting the same for new users. Any solution to this problem.
I'm attaching the audit log
pam_unix(su:session): session opened for user gauth by root(uid=0) bastion su[30012]: pam_sss(su:session): Request to sssd failed. Connection refused pam_systemd(su:session): Cannot create session: Already running in a session bastion su[30012]: pam_unix(su:session): session closed for user gauth bastion su[30012]: pam_sss(su:session): Request to sssd failed. Connection refused
bastion openvpn(pam_google_authenticator)[30089]: Invalid verification code for new_user bastion pamtester[30089]: pam_unix(openvpn:auth): auth could not identify password for [new_user]