threerings / openvpn-auth-ldap

Implements username/password authentication via LDAP for OpenVPN 2.x.

on freebsd 9.x or 10.x not working #38

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. FreeBSD 9.x or 10.x install
2. Install openvpn-auth-ldap package (version 2.0.3)
3. Configure to use it in ldap.conf:
plugin /usr/local/lib/openvpn-auth-ldap.so "/usr/local/etc/openvpn/ldap.conf"

What is the expected output? What do you see instead?
Not starting openvpn, because in log (with verb 11):
Sun Jun 22 11:52:07 2014 us=259528 Current Parameter Settings:
Sun Jun 22 11:52:07 2014 us=260003   config = '/usr/local/etc/openvpn/openvpn.conf'
Sun Jun 22 11:52:07 2014 us=260023   mode = 1
Sun Jun 22 11:52:07 2014 us=260041   show_ciphers = DISABLED
Sun Jun 22 11:52:07 2014 us=260063   show_digests = DISABLED
Sun Jun 22 11:52:07 2014 us=260080   show_engines = DISABLED
Sun Jun 22 11:52:07 2014 us=260097   genkey = DISABLED
Sun Jun 22 11:52:07 2014 us=260114   key_pass_file = '[UNDEF]'
Sun Jun 22 11:52:07 2014 us=260130   show_tls_ciphers = DISABLED
Sun Jun 22 11:52:07 2014 us=260147 Connection profiles [default]:
Sun Jun 22 11:52:07 2014 us=260165   proto = udp
Sun Jun 22 11:52:07 2014 us=260182   local = '****hostnam***'
Sun Jun 22 11:52:07 2014 us=260198   local_port = 1194
Sun Jun 22 11:52:07 2014 us=260215   remote = '[UNDEF]'
Sun Jun 22 11:52:07 2014 us=260233   remote_port = 1194
Sun Jun 22 11:52:07 2014 us=260250   remote_float = DISABLED
Sun Jun 22 11:52:07 2014 us=260267   bind_defined = DISABLED
Sun Jun 22 11:52:07 2014 us=260284   bind_local = ENABLED
Sun Jun 22 11:52:07 2014 us=260300   connect_retry_seconds = 5
Sun Jun 22 11:52:07 2014 us=260317   connect_timeout = 10
Sun Jun 22 11:52:07 2014 us=260334 NOTE: --mute triggered...
Sun Jun 22 11:52:07 2014 us=260367 213 variation(s) on previous 20 message(s) suppressed by --mute
Sun Jun 22 11:52:07 2014 us=260385 OpenVPN 2.3.4 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 31 2014
Sun Jun 22 11:52:07 2014 us=260409 library versions: OpenSSL 1.0.1e-freebsd 11 Feb 2013, LZO 2.06
Sun Jun 22 11:52:07 2014 us=260745 PLUGIN_INIT: POST /usr/local/lib/openvpn-auth-ldap.so '[/usr/local/lib/openvpn-auth-ldap.so] [/usr/local/etc/openvpn/ldap.conf]' intercepted=PLUGIN_UP|PLUGIN_DOWN|PLUGIN_ROUTE_UP|PLUGIN_IPCHANGE|PLUGIN_TLS_VERIFY|PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT|PLUGIN_LEARN_ADDRESS|PLUGIN_CLIENT_CONNECT|PLUGIN_TLS_FINAL|PLUGIN_ENABLE_PF|PLUGIN_ROUTE_PREDOWN
Sun Jun 22 11:52:07 2014 us=260766 PLUGIN_INIT: plugin initialization function failed: /usr/local/lib/openvpn-auth-ldap.so
Sun Jun 22 11:52:07 2014 us=260799 Exiting due to fatal error

What version of the product are you using? On what operating system?
FreeBSD 9 or 10, openvpn-auth-ldap version 

Please provide any additional information below.
Earlier, the same config worked on FreeBSD 8; others see the same, like:
https://forums.freebsd.org/viewtopic.php?f=43&t=46922
http://lists.freebsd.org/pipermail/freebsd-bugs/2014-June/056360.html

Tried to create from source with gcc47, but that was worse:
Sun Jun 22 19:16:10 2014 us=463109 PLUGIN_INIT: could not load plugin shared object /usr/local/lib/openvpn-auth-ldap.so: /usr/local/lib/openvpn-auth-ldap.so: Undefined symbol "objc_msgSendSuper"
Sun Jun 22 19:16:10 2014 us=463596 Exiting due to fatal error

Original issue reported on code.google.com by blackluc...@gmail.com on 22 Jun 2014 at 5:27

GoogleCodeExporter commented 9 years ago
The FreeBSD bug report lives at 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=190497

Original comment by matthias...@gmx.de on 3 Aug 2014 at 8:44

GoogleCodeExporter commented 9 years ago
Apparently the real problem on newer FreeBSD releases (9.x and newer) is that 
newer compiler versions have also moved on to a "lighter", near-trivial, 
"Object" base class that no longer provides static/class methods such as 
+alloc.  

IOW, it seems necessary to either implement the missing methods in a 
project-specific base class, or to port auth-ldap to some framework 
(gnustep-base perhaps?) that provides the necessary +alloc and other methods.

I cannot do that due to a current lack of ObjC-fu.

Original comment by matthias...@gmx.de on 4 Aug 2014 at 3:56
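
One way the "project-specific base class" suggested in the comment above could look, as an added example that is not code from openvpn-auth-ldap or from the commenter. BaseObject and _refCount are hypothetical names, and it assumes an Objective-C runtime whose <objc/runtime.h> provides class_createInstance and object_dispose and whose <objc/Object.h> still declares the minimal Object; the reference count is not thread-safe.

```objective-c
/* Added illustration: BaseObject and _refCount are hypothetical names. */
#import <objc/Object.h>
#import <objc/runtime.h>
#include <stdio.h>

/* Project-specific base class: supplies the allocation and reference-counting
 * methods that the slimmed-down Object no longer provides. */
@interface BaseObject : Object {
    unsigned int _refCount;
}
+ (id) alloc;
- (id) init;
- (id) retain;
- (void) release;
- (void) dealloc;
@end

@implementation BaseObject
+ (id) alloc {
    /* self is the receiving class here, so subclasses get an instance of
     * their own size with the correct isa pointer, zero-filled. */
    return class_createInstance(self, 0);
}
- (id) init {
    _refCount = 1;          /* the caller owns the first reference */
    return self;
}
- (id) retain {
    _refCount++;
    return self;
}
- (void) release {
    if (--_refCount == 0)
        [self dealloc];
}
- (void) dealloc {
    object_dispose(self);   /* hand the memory back to the runtime */
}
@end

int main(void) {
    BaseObject *obj = [[BaseObject alloc] init];
    if (obj == nil) {       /* messaging nil returns nil, so check once here */
        fprintf(stderr, "alloc failed\n");
        return 1;
    }
    [obj retain];
    [obj release];
    [obj release];          /* count reaches zero, dealloc runs */
    puts("BaseObject alloc/release OK");
    return 0;
}
```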

GoogleCodeExporter commented 9 years ago
Build log at http://people.freebsd.org/~mandree/openvpn-auth-ldap-2.0.3_8.log

Original comment by matthias...@gmx.de on 4 Aug 2014 at 3:59

GoogleCodeExporter commented 9 years ago
This sucks and I hope someone can figure out how to fix it soon.  Got all the 
way through an update on my firewall and found out my 2FA OpenVPN setup was now 
broken.  As a workaround I whipped up this simple Perl script to do LDAP auth 
with.  If anyone else is stuck I hope this can tide you over until the compiled 
version is fixed.

Original comment by aa...@digitalmediums.com on 16 Sep 2014 at 10:48

GoogleCodeExporter commented 9 years ago
Placed it on GitHub in case it helps anyone
https://github.com/analogrithems/openvpn-auth-ldap-perl

Original comment by aa...@digitalmediums.com on 16 Sep 2014 at 11:09