OpenVPN authentication with pam_mysql fails
The test passes, but the actual login does not succeed. Could everyone please take a look?
Environment:
Gentoo Linux
mysql-5.0.54
pam_mysql-0.7_rc1-r1
openvpn-2.1_rc7
Configuration:
server.conf
port 443
proto tcp
dev tap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.1.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
log-append /etc/openvpn/openvpn.log
status /etc/openvpn/openvpn-status.log
verb 5
client-to-client
client-cert-not-required
username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
client.conf
client
dev tap
proto tcp
remote xx.xx.xx.xx 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
comp-lzo
verb 3
auth-user-pass
/etc/pam.d/openvpn
auth sufficient pam_mysql.so user=openvpn passwd=OPENVPN host=localhost db=openvpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2 verbose=1
account required pam_mysql.so user=openvpn passwd=OPENVPN host=localhost db=openvpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2 verbose=1
Gateway openvpn # testsaslauthd -uopenvpn -ptest -sopenvpn
0: OK "Success."
Gateway openvpn #
However, the client fails to connect.
Error messages in the logs:
/var/log/messages
Mar 30 12:05:28 Gateway openvpn: PAM unable to dlopen(/lib/security/pam_mysql.so)
Mar 30 12:05:28 Gateway openvpn: PAM
Mar 30 12:05:28 Gateway openvpn: PAM adding faulty module: /lib/security/pam_mysql.so
Mar 30 12:05:37 Gateway openvpn: PAM unable to dlopen(/lib/security/pam_mysql.so)
Mar 30 12:05:37 Gateway openvpn: PAM
Mar 30 12:05:37 Gateway openvpn: PAM adding faulty module: /lib/security/pam_mysql.so
/etc/openvpn/openvpn.log
Sun Mar 30 12:05:36 2008 us=99387 MULTI: multi_create_instance called
Sun Mar 30 12:05:36 2008 us=99483 Re-using SSL/TLS context
Sun Mar 30 12:05:36 2008 us=99510 LZO compression initialized
Sun Mar 30 12:05:36 2008 us=99617 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Mar 30 12:05:36 2008 us=99645 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Mar 30 12:05:36 2008 us=99706 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Mar 30 12:05:36 2008 us=99829 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Mar 30 12:05:36 2008 us=99892 Local Options hash (VER=V4): '3e6d1056'
Sun Mar 30 12:05:36 2008 us=99922 Expected Remote Options hash (VER=V4): '31fdf004'
Sun Mar 30 12:05:36 2008 us=99967 TCP connection established with 124.163.160.168:2596
Sun Mar 30 12:05:36 2008 us=99993 Socket Buffers: R= S=
Sun Mar 30 12:05:36 2008 us=100018 TCPv4_SERVER link local:
Sun Mar 30 12:05:36 2008 us=100043 TCPv4_SERVER link remote: 124.163.160.168:2596
RSun Mar 30 12:05:36 2008 us=100205 124.163.160.168:2596 TLS: Initial packet from 124.163.160.168:2596, sid=9cd42520 4212ad44
WRRWWWWRWRWRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRAUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER/PASS: openvpn/test
AUTH-PAM: BACKGROUND: user 'openvpn' failed to authenticate: Permission denied
Sun Mar 30 12:05:37 2008 us=4457 124.163.160.168:2596 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Sun Mar 30 12:05:37 2008 us=4491 124.163.160.168:2596 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-pam.so
Sun Mar 30 12:05:37 2008 us=4515 124.163.160.168:2596 TLS Auth Error: Auth Username/Password verification failed for peer
WWWRRSun Mar 30 12:05:37 2008 us=249348 124.163.160.168:2596 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sun Mar 30 12:05:37 2008 us=249400 124.163.160.168:2596 [] Peer Connection Initiated with 124.163.160.168:2596
RSun Mar 30 12:05:38 2008 us=256906 124.163.160.168:2596 PUSH: Received control message: 'PUSH_REQUEST'
Sun Mar 30 12:05:38 2008 us=256957 124.163.160.168:2596 SENT CONTROL : 'AUTH_FAILED' (status=1)
Sun Mar 30 12:05:38 2008 us=256977 124.163.160.168:2596 Delayed exit in 5 seconds
WWSun Mar 30 12:05:38 2008 us=485369 124.163.160.168:2596 Connection reset, restarting
Sun Mar 30 12:05:38 2008 us=485396 124.163.160.168:2596 SIGUSR1 received, client-instance restarting
Sun Mar 30 12:05:38 2008 us=485493 TCP/UDP: Closing socket
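An added example, not part of the original post: the OpenVPN log above reports the failure only as "Permission denied", while /var/log/messages shows PAM could not dlopen the module. This triage script correlates the two logs by timestamp so a module load failure is not mistaken for rejected credentials. The function names, labels and 5-second window are assumptions; the 12:09:10 sample line is constructed.

```python
import re
from datetime import datetime, timedelta

# Sample input: the 12:05:37 lines are copied from the post, the 12:09:10 line is constructed.
SYSLOG = """\
Mar 30 12:05:37 Gateway openvpn: PAM unable to dlopen(/lib/security/pam_mysql.so)
Mar 30 12:05:37 Gateway openvpn: PAM adding faulty module: /lib/security/pam_mysql.so
""".splitlines()

OPENVPN_LOG = """\
Sun Mar 30 12:05:37 2008 us=4515 124.163.160.168:2596 TLS Auth Error: Auth Username/Password verification failed for peer
Sun Mar 30 12:09:10 2008 us=1200 192.0.2.10:2611 TLS Auth Error: Auth Username/Password verification failed for peer
""".splitlines()

STAMP = r"(\w{3} [ \d]\d \d\d:\d\d:\d\d)"
DLOPEN_RE = re.compile("^" + STAMP + r" \S+ ([\w.-]+)(?:\[\d+\])?: PAM unable to dlopen\((.+?)\)")
# search(), not match(): at verb 5 OpenVPN prefixes lines with R/W packet markers.
AUTH_RE = re.compile(STAMP + r" (\d{4}) us=\d+ (\S+) TLS Auth Error")

def dlopen_failures(syslog, year, service="openvpn"):
    """Return [(timestamp, module_path)] for PAM load failures logged by `service`."""
    hits = []
    for line in syslog:
        m = DLOPEN_RE.match(line)
        if m and m.group(2) == service:
            # Classic syslog timestamps carry no year, so borrow it from the OpenVPN log.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits.append((ts, m.group(3)))
    return hits

def classify_auth_failures(openvpn_log, syslog, window=5):
    """Label each OpenVPN auth failure by whether PAM failed to load a module nearby in time."""
    results = []
    for line in openvpn_log:
        m = AUTH_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%Y %b %d %H:%M:%S")
        broken = sorted({path for t, path in dlopen_failures(syslog, m.group(2))
                         if abs(ts - t) <= timedelta(seconds=window)})
        cause = "pam-module-not-loaded" if broken else "no-load-error-seen"
        results.append((m.group(3), ts.isoformat(), cause, broken))
    return results

if __name__ == "__main__":
    for peer, when, cause, modules in classify_auth_failures(OPENVPN_LOG, SYSLOG):
        print(when, peer, cause, ", ".join(modules))
```

A "no-load-error-seen" result only means syslog recorded no dlopen failure near that attempt; it does not by itself prove the credentials were wrong.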