FreeBSD Bugzilla – Attachment 145155 Details for
Bug 190497
security/openvpn-auth-ldap: Plugin fails to initialize
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
How to reproduce the proplem
turorial.txt (text/plain), 3.61 KB, created by
a.ulasov
on 2014-07-30 11:04:42 UTC
(
hide
)
Description:
How to reproduce the proplem
Filename:
MIME Type:
Creator:
a.ulasov
Created:
2014-07-30 11:04:42 UTC
Size:
3.61 KB
patch
obsolete
>Install /usr/ports/security/openvpn and /usr/ports/security/openvpn-auth-ldap respectively. > ># Options for openvpn-2.3.4 >_OPTIONS_READ=openvpn-2.3.4 >_FILE_COMPLETE_OPTIONS_LIST=DOCS EASYRSA EXAMPLES PKCS11 PW_SAVE OPENSSL POLARSSL >OPTIONS_FILE_SET+=DOCS >OPTIONS_FILE_SET+=EASYRSA >OPTIONS_FILE_SET+=EXAMPLES >OPTIONS_FILE_UNSET+=PKCS11 >OPTIONS_FILE_UNSET+=PW_SAVE >OPTIONS_FILE_SET+=OPENSSL >OPTIONS_FILE_UNSET+=POLARSSL > ># Options for openvpn-auth-ldap-2.0.3_6 >_OPTIONS_READ=openvpn-auth-ldap-2.0.3_6 >_FILE_COMPLETE_OPTIONS_LIST=DOCS EXAMPLES >OPTIONS_FILE_SET+=DOCS >OPTIONS_FILE_SET+=EXAMPLES > >Then you could see in /var/log/message all the packages that were installed with openvpn-2.3.4 openvpn-auth-ldap-2.0.3_6 > >pkg-static: lzo2-2.08 installed >pkg-static: easy-rsa-2.2.0.m installed >pkg-static: openvpn-2.3.4 installed >pkg-static: re2c-0.13.6 installed >pkg-static: libobjc2-1.7_1 installed >pkg-static: openldap-client-2.4.39_1 installed >pkg-static: openvpn-auth-ldap-2.0.3_6 installed > > >Make directories for config files and keys > >mkdir -p /usr/local/etc/openvpn/keys > >You can use keys for testing in /usr/local/share/examples/openvpn/sample-keys or generate the new keys if you want. > >My config files for openvpn and openvpn-auth-ldap > >/usr/local/etc/openvpn/openvpn.conf >port 1199 >proto tcp >dev tun0 >user nobody >group nobody >plugin /usr/local/lib/openvpn-auth-ldap.so "/usr/local/etc/openvpn/ovpn-oldap.conf" >username-as-common-name >client-cert-not-required >persist-key >persist-tun >ca /usr/local/etc/openvpn/keys/ca.crt >cert /usr/local/etc/openvpn/keys/server.crt >key /usr/local/etc/openvpn/keys/server.key >dh /usr/local/etc/openvpn/keys/dh1024.pem >cipher DES-CBC >push "route 10.0.0.0 255.255.255.0" >push "dhcp-option DNS 10.0.0.15" >push "dhcp-option DNS 10.0.0.5" >push "dhcp-option DOMAIN 3wstyle.local" >keepalive 10 60 >server 192.168.77.0 255.255.255.0 >duplicate-cn >tls-server >tls-auth /usr/local/etc/openvpn/keys/ta.key 0 >tls-timeout 120 >verb 3 >comp-lzo > > >/usr/local/etc/openvpn/ovpn-oldap.conf ><LDAP> >URL ldap://ldap.mydomain.ru >BindDN cn=Administrator,dc=mydomain,dc=ru >Password secret >TLSEnable No >Timeout 10 ></LDAP> > ><Authorization> ># Base DN >BaseDN "ou=People,dc=mydomanin,dc=ru" > ># User Search Filter >SearchFilter "(&(uid=%u)(objectClass=posixAccount)(objectClass=sambaSamAccount))" ># Require Group Membership >RequireGroup true > ><Group> >BaseDN "ou=Group,dc=mydomain,dc=ru" >SearchFilter "(cn=openvpn)" >MemberAttribute member ></Group> ></Authorization> > > > >Add in /etc/rc.conf > >openvpn_enable="YES" >openvpn_if="tun" >openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf" > >Add in /etc/syslog.conf and restart syslogd >!openvpn >*.* /var/log/openvpn.log > >Start openvpn daemon /usr/local/etc/rc.d/openvpn start > >And you can see errors in /var/log/openvpn.log or /var/log/messages > >openvpn[36889]: OpenVPN 2.3.4 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 30 2014 >openvpn[36889]: library versions: OpenSSL 1.0.1e-freebsd 11 Feb 2013, LZO 2.08 >openvpn[36889]: PLUGIN_INIT: POST /usr/local/lib/openvpn-auth-ldap.so '[/usr/local/lib/openvpn-auth-ldap.so] [/usr/local/etc/openvpn/ovpn-oldap.conf]' intercepted=PLUGIN_UP|PLUGIN_DOWN|PLUGIN_ROUTE_UP|PLUGIN_IPCHANGE|PLUGIN_TLS_VERIFY|PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT|PLUGIN_LEARN_ADDRESS|PLUGIN_CLIENT_CONNECT|PLUGIN_TLS_FINAL|PLUGIN_ENABLE_PF|PLUGIN_ROUTE_PREDOWN >openvpn[36889]: PLUGIN_INIT: plugin initialization function failed: /usr/local/lib/openvpn-auth-ldap.so >openvpn[36889]: Exiting due to fatal error >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=145155">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 190497
: 145155 |
145206
|
145207
|
151392
|
151467
|
151535
|
151536
|
151796
|
151797
|
151798
|
151799