If OTP is used, LDAP authentication fails
skysungod007 opened this issue · 2 comments
Hello, @wheelybird
If I set "ENABLE_OTP=true", LDAP authentication fails; if I do not set "ENABLE_OTP=true", LDAP authentication succeeds.
So why does it fail when OTP is set?
My docker command:

```bash
docker run \
  --name openvpn \
  --volume /path/on/host:/etc/openvpn \
  --detach=true \
  --restart=always \
  -p 1194:1194/udp \
  -e "OVPN_SERVER_CN=ldap.moon.com" \
  -e "LDAP_URI=ldap://192.168.100.10:389" \
  -e "LDAP_TLS_VALIDATE_CERT=false" \
  -e "LDAP_BASE_DN=dc=moon,dc=com" \
  -e "LDAP_BIND_USER_DN=cn=admin,dc=moon,dc=com" \
  -e "LDAP_BIND_USER_PASS=xxyyzzaabbc" \
  -e "LOG_TO_STDOUT=false" \
  -e "OVPN_ROUTES=172.17.0.0 255.255.0.0" \
  -e "OVPN_NAT=false" \
  -e "OVPN_DNS_SERVERS=8.8.8.8" \
  -e "ENABLE_OTP=true" \
  --cap-add=NET_ADMIN \
  wheelybird/openvpn-ldap-otp:v1.8
```
Thanks.
I don't know - you haven't provided any logs or further information. My guess is that you haven't read the README. You need to set up MFA for a user and then append the OTP to the password when logging in: https://github.com/wheelybird/openvpn-server-ldap-otp?tab=readme-ov-file#using-otp
I can also see that you haven't changed the volume path to somewhere suitable on the host. Change `--volume /path/on/host:/etc/openvpn` to something useful like `--volume /opt/openvpn-otp:/etc/openvpn`.
If you have set up MFA already then you can debug authentication by execing into the container and using pamtester, as follows:

1. Get a shell in the existing container: `docker exec -ti {container name} bash`
2. Install some packages: `apt-get install -y pamtester psmisc`
3. Kill the existing nslcd process: `killall nslcd`
4. Start a new background process with debugging enabled: `nslcd -d &`
5. Now you can run pamtester: `pamtester openvpn {your username} authenticate`
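Added illustration (not code from the openvpn-server-ldap-otp project or from either participant) of the "append the OTP to the password" convention the reply above points to. It assumes the common pam_google_authenticator style split, where the trailing six digits of what the VPN client submits are the TOTP code and the rest is forwarded to LDAP as the real password; the page does not state which PAM module the image uses, so treat that as an assumption. The user record, LDAP password and timestamps are constructed; the TOTP seed is the RFC 4226/6238 test secret so the codes can be checked against the RFC tables. Running it shows why a bare LDAP password fails once OTP is enabled: its last characters get consumed as a (non-numeric) OTP and the bind sees a truncated password.

```python
"""Illustration of password+OTP login checking (added example, not project code).
Assumes the forward_pass-style convention: submitted = ldap_password + 6-digit TOTP.
"""

import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

OTP_DIGITS = 6
TOTP_STEP = 30

# Constructed stand-in for the directory: username -> LDAP password and TOTP seed.
# The seed is the RFC 4226/6238 test secret (ASCII "12345678901234567890").
USERS = {
    "alice": {
        "ldap_password": "hunter2",
        "totp_secret": b"12345678901234567890",
    }
}


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step)


def split_password_and_otp(submitted: str, digits: int = OTP_DIGITS) -> Optional[Tuple[str, str]]:
    """Split the submitted string into (ldap_password, otp).

    The trailing `digits` characters are taken as the OTP and must be numeric;
    everything before them is what would be forwarded to the LDAP bind. Returns
    None when there is no valid numeric tail, which is what happens when a user
    types only their LDAP password while OTP is enabled.
    """
    if len(submitted) <= digits:
        return None
    password, otp = submitted[:-digits], submitted[-digits:]
    if not otp.isdigit():
        return None
    return password, otp


def ldap_bind_ok(username: str, password: str) -> bool:
    """Stand-in for the LDAP simple bind (constant-time compare against the constructed store)."""
    user = USERS.get(username)
    if user is None:
        return False
    return hmac.compare_digest(user["ldap_password"].encode(), password.encode())


def authenticate(username: str, submitted: str, now: Optional[int] = None, window: int = 1) -> bool:
    """Full check: split, accept the OTP within +/- `window` time steps, then bind to LDAP."""
    user = USERS.get(username)
    if user is None:
        return False
    parts = split_password_and_otp(submitted)
    if parts is None:
        return False
    password, otp = parts
    now = int(time.time()) if now is None else now
    counter = now // TOTP_STEP
    otp_ok = any(
        hmac.compare_digest(hotp(user["totp_secret"], counter + skew).encode(), otp.encode())
        for skew in range(-window, window + 1)
        if counter + skew >= 0  # the HOTP counter is unsigned
    )
    # Check the OTP first so a bad code never reaches the directory.
    return otp_ok and ldap_bind_ok(username, password)


if __name__ == "__main__":
    t = 59  # RFC 6238 test time; TOTP for the test secret here is 287082
    code = totp(USERS["alice"]["totp_secret"], t)
    print("OTP at t=59:", code)
    print("plain LDAP password only:", authenticate("alice", "hunter2", now=t))
    print("password + OTP:", authenticate("alice", "hunter2" + code, now=t))
```

When debugging with pamtester as described above, the string you type at the password prompt is the `submitted` value here: LDAP password immediately followed by the current six-digit code, with nothing in between.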
Thanks, I'll try it.