ocserv: config-per-group not read if group comes from certificate

Norbert Paschedag noe at physik.uzh.ch
Wed Sep 24 05:41:29 PDT 2014


Hi,

I'm trying to set up ocserv so it can be used by anyconnect users.
Authentication is done via certificates and passwords (via pam).
The group is determined from the cert DN and there's no group selector
(although anyconnect displays the group).

Both user and group are correctly shown in the debug output:

ocserv[12766]: sec-mod: auth init for user 'testuser' (group: 'vpntest') from '192.168.2.13'

The config-per-group files, however, are not being read at all and it
seems that the proc->groupname seen in get_sup_config() is empty.
config-per-user _is_ read correctly.

I was using ocserv 0.8.4 as well as the latest git version.
My group-related config:

   cert-group-oid = 2.5.4.3
   auto-select-group = true
   config-per-group = /etc/ocserv/config-per-group/


Any idea where or why the group information is lost?


Regards,
   Norbert



