wheelybird / openvpn-server-ldap-otp

A dockerised OpenVPN server using LDAP for authentication, with optional 2FA via Google Authenticator
MIT License

If OTP is used, LDAP authentication fails #85

Open skysungod007 opened 1 month ago

skysungod007 commented 1 month ago

Hello, @wheelybird. If I set "ENABLE_OTP=true", LDAP authentication fails; if I don't set "ENABLE_OTP=true", LDAP authentication succeeds. So why does it fail with OTP set?

my docker container:

    docker run \
      --name openvpn \
      --volume /path/on/host:/etc/openvpn \
      --detach=true \
      --restart=always \
      -p 1194:1194/udp \
      -e "OVPN_SERVER_CN=ldap.moon.com" \
      -e "LDAP_URI=ldap://192.168.100.10:389" \
      -e "LDAP_TLS_VALIDATE_CERT=false" \
      -e "LDAP_BASE_DN=dc=moon,dc=com" \
      -e "LDAP_BIND_USER_DN=cn=admin,dc=moon,dc=com" \
      -e "LDAP_BIND_USER_PASS=xxyyzzaabbc" \
      -e "LOG_TO_STDOUT=false" \
      -e "OVPN_ROUTES=172.17.0.0 255.255.0.0" \
      -e "OVPN_NAT=false" \
      -e "OVPN_DNS_SERVERS=8.8.8.8" \
      -e "ENABLE_OTP=true" \
      --cap-add=NET_ADMIN \
      wheelybird/openvpn-ldap-otp:v1.8

thanks

wheelybird commented 1 month ago

I don't know - you haven't provided any logs or further information. My guess is that you haven't read the README. You need to set up MFA for a user and then append the OTP to the password when logging in: https://github.com/wheelybird/openvpn-server-ldap-otp?tab=readme-ov-file#using-otp I can also see that you haven't changed the volume path to somewhere suitable on the host. Change --volume /path/on/host:/etc/openvpn to something useful like --volume /opt/openvpn-otp:/etc/openvpn

If you have set up MFA already then you can debug authentication by execing into the container and using pamtester, as follows:

You'll need to get a shell in the existing container:

    docker exec -ti {container name} bash

Now install some packages:

    apt-get install -y pamtester psmisc

Kill the existing nslcd process:

    killall nslcd

Start a new background process with debugging enabled:

    nslcd -d &

Now you can run pamtester:

    pamtester openvpn {your username} authenticate

skysungod007 commented 1 month ago

Thanks, I'll try it.