EFW Support

Support => VPN Support => Topic started by: ralves_r on Friday 15 May 2015, 02:52:07 am



Title: auth-user-pass-verify: external program exited with error status: 1 OPENVPN LDAP
Post by: ralves_r on Friday 15 May 2015, 02:52:07 am
Failed running command (--auth-user-pass-verify): external program exited with error status: 1 - OPENVPN Authentication on LDAP

Hello,
I recently updated Endian Firewall from 3.0devel to 3.0.5beta1. In my old version I activated OpenVPN authentication against Active Directory by following the guide on the Endian site. In the new version this feature does not work correctly; only local user connections work. See the log:

Wed May 13 16:46:25 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Wed May 13 16:46:25 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Wed May 13 16:46:25 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed May 13 16:46:25 2015 Need hold release from management interface, waiting...
Wed May 13 16:46:26 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed May 13 16:46:26 2015 MANAGEMENT: CMD 'state on'
Wed May 13 16:46:26 2015 MANAGEMENT: CMD 'log all on'
Wed May 13 16:46:26 2015 MANAGEMENT: CMD 'hold off'
Wed May 13 16:46:26 2015 MANAGEMENT: CMD 'hold release'
Wed May 13 16:46:33 2015 MANAGEMENT: CMD 'username "Auth" "rodrigo.alves"'
Wed May 13 16:46:33 2015 MANAGEMENT: CMD 'password [...]'
Wed May 13 16:46:33 2015 Socket Buffers: R=[65536->65536] S=[64512->64512]
Wed May 13 16:46:33 2015 UDPv4 link local: [undef]
Wed May 13 16:46:33 2015 UDPv4 link remote: [AF_INET]myip:1194
Wed May 13 16:46:33 2015 MANAGEMENT: >STATE:1431546393,WAIT,,,
Wed May 13 16:46:33 2015 MANAGEMENT: >STATE:1431546393,AUTH,,,
Wed May 13 16:46:33 2015 TLS: Initial packet from [AF_INET]myip:1194, sid=ee9ed129 15a74f6b
Wed May 13 16:46:33 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 13 16:46:33 2015 VERIFY OK: depth=1, C=IT, O=efw, CN=efw CA
Wed May 13 16:46:33 2015 VERIFY OK: nsCertType=SERVER
Wed May 13 16:46:33 2015 VERIFY OK: depth=0, C=AF, CN=myip
Wed May 13 16:46:33 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed May 13 16:46:33 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 16:46:33 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed May 13 16:46:33 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed May 13 16:46:33 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed May 13 16:46:33 2015 [myip] Peer Connection Initiated with [AF_INET]myip:1194
Wed May 13 16:46:34 2015 MANAGEMENT: >STATE:1431546394,GET_CONFIG,,,
Wed May 13 16:46:35 2015 SENT CONTROL [myip]: 'PUSH_REQUEST' (status=1)
Wed May 13 16:46:35 2015 AUTH: Received control message: AUTH_FAILED
Wed May 13 16:46:35 2015 SIGUSR1[soft,auth-failure] received, process restarting
Wed May 13 16:46:35 2015 MANAGEMENT: >STATE:1431546395,RECONNECTING,auth-failure,,
Wed May 13 16:46:35 2015 Restart pause, 2 second(s)
#configuration /var/efw/openvpn/settings
AUTHENTICATION_STACK=ldap,local
CA_FILENAME=cacert.pem
CLIENT_TO_CLIENT=on
LDAP_BIND_DN=cn=endian,cn=Users,dc=domain,dc=com,dc=br
LDAP_BIND_PASSWORD=pass
LDAP_URI=ldap://mylocalipAD
LDAP_USER_BASEDN=cn=Users,dc=domain,dc=com,dc=br
LDAP_USER_SEARCHFILTER=(&(objectCategory=person)(objectClass=user)(sAMAccountName=%(u)s))
OPENVPN_ENABLED=on
User connects OK in option Proxy HTTP Authentication, NTLM connection and LDAP.
OpenVPN client configuration:
client
dev tap
proto udp
remote myip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
ns-cert-type server
ca cacert.pem
verb 3
comp-lzo



Title: Re: auth-user-pass-verify: external program exited with error status: 1 OPENVPN LDAP
Post by: leotuxbr on Saturday 13 June 2015, 05:02:52 am

I have the same problem after updating to 3.0.5 BETA1

 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 1



Authentication Test:

openvpn-auth -i
Username: vpnuser
Password:


2015-06-12 11:14:47,656 - openvpn-auth[22532] - INFO - User 'vpnuser' authenticated by module 'ldap'.


What could be happening?


Title: Re: auth-user-pass-verify: external program exited with error status: 1 OPENVPN LDAP
Post by: borinid on Saturday 10 October 2015, 02:35:12 am
I had the same problem. Just change in /etc/openvpn/openvpn.conf.tmpl
from auth-user-pass-verify "/usr/bin/openvpn-auth-user-pass" via-env to auth-user-pass-verify "/usr/bin/openvpn-auth" via-file
and then restart the service.
This will work.
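
Added example, not part of the thread and not Endian's own code: a minimal --auth-user-pass-verify script showing the two ways OpenVPN hands over credentials (via-file: a temp file path as first argument with username and password on two lines; via-env: the username and password environment variables) and how a script that finds neither ends with exit status 1. SAMPLE_USERS and check_backend are hypothetical stand-ins for the LDAP lookup.

```python
#!/usr/bin/env python3
"""Illustrative --auth-user-pass-verify script (added example, not Endian's code)."""
import hmac
import os
import sys

# Constructed sample account standing in for the LDAP/AD directory.
SAMPLE_USERS = {"vpnuser": "correct horse"}


def read_credentials(argv, environ):
    """Return (username, password, method) from whichever channel OpenVPN used."""
    if len(argv) > 1:
        # via-file: OpenVPN passes a temp file path; line 1 = username, line 2 = password.
        with open(argv[1], encoding="utf-8") as fh:
            lines = fh.read().splitlines()
        if len(lines) < 2:
            raise ValueError("via-file: expected username and password lines")
        return lines[0], lines[1], "via-file"
    if "username" in environ and "password" in environ:
        # via-env: the server needs script-security 3 to export the password.
        return environ["username"], environ["password"], "via-env"
    raise ValueError("no credentials: verify method and script do not match")


def check_backend(username, password):
    """Hypothetical stand-in for an LDAP bind; compares in constant time."""
    expected = SAMPLE_USERS.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def verify(argv, environ):
    """Exit status OpenVPN acts on: 0 accepts the client, 1 rejects it."""
    try:
        username, password, method = read_credentials(argv, environ)
    except (OSError, ValueError) as exc:
        print(f"auth error: {exc}", file=sys.stderr)  # never log the password
        return 1
    ok = check_backend(username, password)
    state = "ok" if ok else "rejected"
    print(f"user {username!r} via {method}: {state}", file=sys.stderr)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(verify(sys.argv, os.environ))
```

Running the script by hand with a two-line credentials file as its argument, and again with only the environment variables set, shows which hand-over method it actually supports before it is wired into the server configuration.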



Title: Re: auth-user-pass-verify: external program exited with error status: 1 OPENVPN LDAP
Post by: razvan666666 on Friday 10 February 2017, 10:49:27 pm
Does anyone know how to integrate OpenVPN with LDAP on Endian 3.2.2 Community?


Title: auth user pass verify external program exited with error status 1 OPENVPN LDAP
Post by: Pefecluple on Wednesday 04 October 2017, 03:48:03 am
Region : Others

Model : TL-ER604W

Hardware Version : V1

Firmware Version :

ISP : Cable & Wireless

What MAC VPN client works with the TL-ER604W?