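OpenVPN login uses MySQL user authentication, and it reports that the user cannot be authenticated. Please help analyze where the problem is.
The OpenVPN log is as follows: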
# cat /var/log/openvpn/openvpn-server-pc.log
Wed Sep 21 17:54:24 2011 MULTI: multi_create_instance called
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Re-using SSL/TLS context
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Local Options hash (VER=V4): '239669a8'
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Expected Remote Options hash (VER=V4): '3514370b'
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 TLS: Initial packet from 192.168.50.138:1219, sid=02b6adb9 db35b7ef
AUTH-PAM: BACKGROUND: user '123' failed to authenticate: Permission denied
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-pam.so
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 TLS Auth Error: Auth Username/Password verification failed for peer
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 [] Peer Connection Initiated with 192.168.50.138:1219
Wed Sep 21 17:54:25 2011 192.168.50.138:1219 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep 21 17:54:25 2011 192.168.50.138:1219 Delayed exit in 5 seconds
Wed Sep 21 17:54:25 2011 192.168.50.138:1219 SENT CONTROL : 'AUTH_FAILED' (status=1)
Wed Sep 21 17:54:27 2011 read UDPv4 : Connection refused (code=111)
========================================================================================================
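The server runs openvpn-2.2.1 + mysql-5.0.45-7, with pam-0.99.6.2-4 as the authentication tool (because authentication did not work, I later recompiled pam_mysql-0.7RC1, and test authentication works).
OpenVPN configuration file: I am only posting the main part. The rest of the configuration is fine, because login with certificates works.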
plugin /lib/security/openvpn-auth-pam.so openvpn
openvpn-auth-pam.so was compiled from source.
# ll /lib/security/openvpn-auth-pam.so
-rwxrwxrwx 1 root root 12781 2011-09-21 /lib/security/openvpn-auth-pam.so1
================================================================================
# cat /etc/pam.d/openvpn
auth sufficient pam_mysql.so user=vpn passwd=ipanel host=localhost db=vpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=0 verbose=1
account required pam_mysql.so user=vpn passwd=ipanel host=localhost db=vpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=0 verbose=1
================================================================================
Verifying against the database with testsaslauthd works without problems; I will not post the database details.
# testsaslauthd -u 123 -p 123 -s openvpn
0: OK "Success."