(糾結好幾天了)openvpn+mysql 用戶驗證錯誤,詳細信息+LOG附主題
openvpn登錄採用MYSQL 用戶驗證,提示用戶無法驗證, 煩請幫忙分析一下問題所在。
openvpn log如下:
# cat /var/log/openvpn/openvpn-server-pc.log
Wed Sep 21 17:54:24 2011 MULTI: multi_create_instance called
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Re-using SSL/TLS context
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Local Options hash (VER=V4): '239669a8'
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Expected Remote Options hash (VER=V4): '3514370b'
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 TLS: Initial packet from 192.168.50.138:1219, sid=02b6adb9 db35b7ef
AUTH-PAM: BACKGROUND: user '123' failed to authenticate: Permission denied
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 PLUGIN_CALL: POST /etc/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /etc/openvpn/openvpn-auth-pam.so
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 TLS Auth Error: Auth Username/Password verification failed for peer
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Wed Sep 21 17:54:24 2011 192.168.50.138:1219 [] Peer Connection Initiated with 192.168.50.138:1219
Wed Sep 21 17:54:25 2011 192.168.50.138:1219 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep 21 17:54:25 2011 192.168.50.138:1219 Delayed exit in 5 seconds
Wed Sep 21 17:54:25 2011 192.168.50.138:1219 SENT CONTROL : 'AUTH_FAILED' (status=1)
Wed Sep 21 17:54:27 2011 read UDPv4 : Connection refused (code=111)
========================================================================================================
伺服器採用的openvpn-2.2.1 + mysql-5.0.45-7 驗證工具pam-0.99.6.2-4(因為不能驗證,後來重新編譯了pam_mysql-0.7RC1,可以測試驗證)
openvpn配置文件:就貼主要的 其他配置沒問題,因為採用證書登錄是OK的,
plugin /lib/security/openvpn-auth-pam.so openvpn
penvpn-auth-pam.so 是從源文件編譯出來的
# ll /lib/security/openvpn-auth-pam.so
-rwxrwxrwx 1 root root 12781 2011-09-21 /lib/security/openvpn-auth-pam.so1
================================================================================
# cat /etc/pam.d/openvpn
auth sufficient pam_mysql.so user=vpn passwd=ipanel host=localhost db=vpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=0 verbose=1
account required pam_mysql.so user=vpn passwd=ipanel host=localhost db=vpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=0 verbose=1
================================================================================
用 testsaslauth 驗證資料庫沒有問題;資料庫的信息就不貼了。
# testsaslauthd -u 123 -p 123 -s openvpn
0: OK "Success."
================================================================================
《解決方案》
問題解決了! 之前伺服器使用的是openvpn2.2編譯的openvpn-auth-pam.so ,一直報錯
今天早上用openvpn2.0.9 編譯了一個openvpn-auth-pam.so 就可以驗證成功了
《解決方案》
LZ有沒有遇到
kernel: openvpn general protection rip:459a64 rsp:7fff93e7f1b8 error:0
這類的錯誤?
《解決方案》
本帖最後由 all_past 於 2012-01-25 19:28 編輯
我也碰到了這個問題,但不是一直不行,好好的,運行一段時間之後就無法驗證了,這個是新編譯了最新的2.2.2的版本,看樣子或許是2.2的版本可能有這個問題。
