
OpenVPN username/password authentication fails

火星人 @ 2014-03-04, reply:0


The configuration is as follows:
/etc/pam.d/openvpn
auth sufficient  /lib/security/pam_mysql.so user=vpn passwd=123vpn host=localhost db=vpn table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2
account required /lib/security/pam_mysql.so user=vpn passwd=123vpn host=localhost db=vpn  table=vpnuser usercolumn=name passwdcolumn=password where=active=1 sqllog=0 crypt=2


/etc/openvpn/server.conf

local 123.2.1.2
port 1194
proto udp
dev tun
ca /usr/local/etc/vpnkeys/ca.crt
cert /usr/local/etc/vpnkeys/vpn_server.crt
key /usr/local/etc/vpnkeys/vpn_server.key  # This file should be kept secret
dh /usr/local/etc/vpnkeys/dh1024.pem
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist /usr/local/etc/ipp.txt
push "route 10.0.1.0 255.255.255.0"
push "dhcp-option DNS 61.139.2.69"
client-to-client
keepalive 10 120
comp-lzo
max-clients 100
persist-key
persist-tun
status /tmp/openvpn-status.log
log    /var/log/openvpn.log
verb 5
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name


Mon Apr 20 14:33:29 2009 us=958959 MULTI: multi_create_instance called
Mon Apr 20 14:33:29 2009 us=959035 123.2.1.2:3659 Re-using SSL/TLS context
Mon Apr 20 14:33:29 2009 us=959057 123.2.1.2:3659 LZO compression initialized
Mon Apr 20 14:33:29 2009 us=959158 123.2.1.2:3659 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 20 14:33:29 2009 us=959184 123.2.1.2:3659 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 20 14:33:29 2009 us=959247 123.2.1.2:3659 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Apr 20 14:33:29 2009 us=959265 123.2.1.2:3659 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Apr 20 14:33:29 2009 us=959299 123.2.1.2:3659 Local Options hash (VER=V4): '530fdded'
Mon Apr 20 14:33:29 2009 us=959328 123.2.1.2:3659 Expected Remote Options hash (VER=V4): '41690919'
RMon Apr 20 14:33:29 2009 us=959377 123.2.1.2:3659 TLS: Initial packet from 123.2.1.2:3659, sid=3c76510f 411fdc13
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRAUTH-PAM: BACKGROUND: user 'allen' failed to authenticate: Module is unknown
Mon Apr 20 14:33:30 2009 us=45428 123.2.1.2:3659 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Mon Apr 20 14:33:30 2009 us=45456 123.2.1.2:3659 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so
Mon Apr 20 14:33:30 2009 us=45483 123.2.1.2:3659 TLS Auth Error: Auth Username/Password verification failed for peer
WWWRRRMon Apr 20 14:33:30 2009 us=47197 123.2.1.2:3659 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Mon Apr 20 14:33:30 2009 us=47243 123.2.1.2:3659 [] Peer Connection Initiated with 123.2.1.2:3659
RMon Apr 20 14:33:31 2009 us=158383 123.2.1.2:3659 PUSH: Received control message: 'PUSH_REQUEST'
Mon Apr 20 14:33:31 2009 us=158436 123.2.1.2:3659 SENT CONTROL : 'AUTH_FAILED' (status=1)

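[ Last edited by lth0721 on 2009-4-20 14:50 ]
《Solution》

I have already created the database vpn, with a table vpnuser in it, and added the user allen with password 123456. It feels like pam_mysql.so is not being used at all?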

[ Last edited by lth0721 on 2009-4-20 15:06 ]
《Solution》

I haven't tried using it together with MySQL yet……
《Solution》

Thanks anyway for the reply, 白金. The error now looks like this:

Mon Apr 20 16:46:38 2009 us=843337 123.2.1.243:2975 Local Options hash (VER=V4): '530fdded'
Mon Apr 20 16:46:38 2009 us=843395 123.2.1.2:2975 Expected Remote Options hash (VER=V4): '41690919'
RMon Apr 20 16:46:38 2009 us=843447 123.2.1.2:2975 TLS: Initial packet from 123.2.1.2:2975, sid=530d530f 6d7e953d
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRAUTH-PAM: BACKGROUND: user 'allen' failed to authenticate: Permission denied
Mon Apr 20 16:46:39 2009 us=48768 123.2.1.2:2975 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Mon Apr 20 16:46:39 2009 us=48801 123.2.1.2:2975 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so
Mon Apr 20 16:46:39 2009 us=48828 123.2.1.2:2975 TLS Auth Error: Auth Username/Password verification failed for peer
WWWRRRMon Apr 20 16:46:39 2009 us=50198 123.2.1.2:2975 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Mon Apr 20 16:46:39 2009 us=50237 123.2.1.2:2975 [] Peer Connection Initiated with 221.10.53.243:2975
RMon Apr 20 16:46:40 2009 us=94775 123.2.1.2:2975 PUSH: Received control message: 'PUSH_REQUEST'
Mon Apr 20 16:46:40 2009 us=94834 123.2.1.2:2975 SENT CONTROL : 'AUTH_FAILED' (status=1)
《Solution》

Reply to post #4 by lth0721

Is the table structure used for the integration correct?
《Solution》

mysql> desc vpnuser;
+----------+-----------+------+-----+---------+-------+
| Field    | Type      | Null | Key | Default | Extra |
+----------+-----------+------+-----+---------+-------+
| name     | char(20)  | NO   | PRI | NULL    |       |
| password | char(128) | YES  |     | NULL    |       |
| active   | int(10)   | NO   |     | 1       |       |
+----------+-----------+------+-----+---------+-------+
《Solution》

mysql> select * from vpnuser;
+-------+------------------+--------+
| name  | password         | active |
+-------+------------------+--------+
| allen | 2d0a10547917f706 |      1 |
+-------+------------------+--------+
1 row in set (0.00 sec)
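《Solution》

It must be a password encryption problem. I changed crypt=2 to crypt=0 and then put a plaintext password in the database, and it worked. But that is very insecure.
Is there any way to make it recognize passwords encrypted with the MySQL passwd() function?
《Solution》

Originally posted by lth0721 on 2009-4-20 17:48
It must be a password encryption problem. I changed crypt=2 to crypt=0 and then put a plaintext password in the database, and it worked. But that is very insecure.
Is there any way to make it recognize passwords encrypted with the MySQL passwd() function?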


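Could it be that encryption support wasn't compiled in when the software was built, or that the build didn't succeed?
《Solution》

I did add --with-ssl when compiling; I don't know what's going on. Anyway, it doesn't recognize passwords encrypted with the password() function, but with the others it works fine. Haha.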
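
Added example, not part of any post in the thread: a Python check of which pam_mysql crypt= mode a stored passwdcolumn value is shaped for, and whether a given mode would accept a password. It assumes crypt=2 is computed with the MySQL 4.1+ PASSWORD() algorithm (the pam_mysql README notes the module uses the client library's function, which can differ from the server's); all function names are hypothetical.

```python
import hashlib
import re

# pam_mysql crypt= values, as listed in the pam_mysql README.
CRYPT_MODES = {0: "plain", 1: "crypt(3)", 2: "mysql", 3: "md5", 4: "sha1"}

def mysql41_password(pw):
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(pw.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def classify(stored):
    """Guess the format of a stored passwdcolumn value from its shape alone."""
    shapes = [
        (r"\*[0-9A-Fa-f]{40}", "mysql41"),    # 41 chars, MySQL 4.1+ PASSWORD()
        (r"[0-9A-Fa-f]{16}", "mysql-pre41"),  # 16 hex, pre-4.1 PASSWORD()
        (r"[0-9A-Fa-f]{32}", "md5"),
        (r"[0-9A-Fa-f]{40}", "sha1"),
        (r"\$.+", "crypt(3)"),
    ]
    for pattern, name in shapes:
        if re.fullmatch(pattern, stored):
            return name
    return "plain-or-unknown"

def expected_for_mode(mode, pw):
    """Value the given crypt= mode would compare against; None if not modelled.
    Assumption: mode 2 uses the 4.1+ algorithm (depends on the linked client library)."""
    if mode == 0:
        return pw
    if mode == 2:
        return mysql41_password(pw)
    if mode == 3:
        return hashlib.md5(pw.encode()).hexdigest()
    if mode == 4:
        return hashlib.sha1(pw.encode()).hexdigest()
    return None

def diagnose(stored, pw, mode):
    """Report the stored value's apparent format and whether the mode would accept pw."""
    expected = expected_for_mode(mode, pw)
    if mode != 0 and expected is not None:
        match = expected.lower() == stored.lower()
    else:
        match = expected == stored
    return {"stored_format": classify(stored), "mode": CRYPT_MODES[mode], "match": match}

if __name__ == "__main__":
    # Stored value as shown in the thread's vpnuser table; password as stated by the poster.
    print(diagnose("2d0a10547917f706", "123456", 2))
```

For the row shown in the thread this reports a 16-hex, pre-4.1-shaped value, which a 41-character 4.1+ computation cannot equal.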
