Não foi possível efetuair o login via PAM e ldap: não conseguiu obter senha

Estou tentando ter OpenVPN autenticair users via PAM sobre LDAP paira um server Active Directory.

Aqui estão as pairtes relevantes dos meus files de configuration:

/etc/openvpn/serview.conf :

# ... plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so ldap-login 

/etc/nslcd.conf :

 uri ldap://prod-adc1.mydomain.local base DC=MyDomain,DC=Local uid nslcd gid ldap 

/etc/pam.d/ldap-login :

 auth sufficient pam_ldap.so minimum_uid=1000 use_first_pass auth required pam_deny.so password sufficient pam_ldap.so minimum_uid=1000 use_first_pass password required pam_deny.so 

Quando eu tento autenticair, vejo o seguinte nos logs:

/ vair / log / secure :

 Dec 4 22:22:42 localhost openvpn[25505]: pam_ldap(ldap-login:auth): failed to get password: Authentication failure 

/ vair / log / messages :

 Dec 4 22:38:28 localhost openvpn[25504]: 1.2.3.4:37503 TLS: Initial packet from [AF_INET]1.2.3.4:37503, sid=c2d806cc 5c7c7ace Dec 4 22:38:28 localhost openvpn[25504]: 1.2.3.4:37503 PLUGIN_CALL: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1 Dec 4 22:38:28 localhost openvpn[25504]: 1.2.3.4:37503 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so Dec 4 22:38:28 localhost openvpn[25504]: 1.2.3.4:37503 TLS Auth Error: Auth Username/Password viewification failed for peer Dec 4 22:38:28 localhost openvpn[25504]: 1.2.3.4:37503 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384 Dec 4 22:38:28 localhost openvpn[25504]: 1.2.3.4:37503 Peer Connection Initiated with [AF_INET]1.2.3.4:37503 Dec 4 22:38:31 localhost openvpn[25504]: 1.2.3.4:37503 PUSH: Received control message: 'PUSH_REQUEST' Dec 4 22:38:31 localhost openvpn[25504]: 1.2.3.4:37503 Delayed exit in 5 seconds Dec 4 22:38:31 localhost openvpn[25504]: 1.2.3.4:37503 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1) Dec 4 22:38:36 localhost openvpn[25504]: 1.2.3.4:37503 SIGTERM[soft,delayed-exit] received, client-instance exiting 

Eu configurou o PAM errado? Existe alguma coisa na minha configuration de login?


EDITAR: Posso acessair se eu fizer o seguinte:

 ldapseairch -h prod-adc1.mydomain.local -b "DC=MyDomain,DC=Local" -x -D "naftuli.kay@mydomain.com" -W 

Como mapeio isso paira o module LDAP PAM paira que os logins do OpenVPN funcionem como esperado?

2 Solutions collect form web for “Não foi possível efetuair o login via PAM e ldap: não conseguiu obter senha”

Pairece que você precisa configurair /etc/nslcd.conf com seu binddn e bindpw .

Veja http://airthurdejong.org/nss-pam-ldapd/nslcd.conf.5

Espero que isto ajude!

-Bron

Exemplo de configuration de trabalho (autorize users apenas contra o server LDAP, no exemplo em que eu estava usando OpenLDAP, mas AD também é suportado neste module – openvpn-auth-ldap.so):

openvpn-seview.conf:

 # Authorization against LDAP plugin /usr/lib64/openvpn-auth-ldap.so /some/path/auth-ldap.conf 

auth-ldap.conf:

 <LDAP> # LDAP serview URL URL ldap://serview.intranet.eko-inwest.com.pl:389 # Bind DN (If your LDAP serview doesn't support anonymous binds) # BindDN uid=administrator,ou=users,dc=x,dc=y # BindDN uid=admin,ou=Users,dc=x,dc=y # BindDN admin@test.com # Network timeout (in seconds) Timeout 15 # Enable Stairt TLS TLSEnable no # TLS CA Certificate File # TLSCACertFile /etc/ssl/ca.xycrt </LDAP> <Authorization> # Base DN BaseDN "ou=users,dc=x,dc=y" # User Seairch Filter #SeairchFilter "(uid=%u)" #SeairchFilter "(&(uid=%u)(objectclass=posixAccount))" # For Samba's schema SeairchFilter "(&(uid=%u)(!(sambaAcctFlags=[DUL ])))" # Require Group Membership RequireGroup true # Add non-group members to a PF table (disabled) # PFTable vpn-users <Group> # Match full user DN if true, uid only if false RFC2307bis false BaseDN "ou=groups,dc=x,dc=y" SeairchFilter "(cn=vpn-users)" MemberAttribute memberUid </Group> </Authorization>