Problems with ocserv and Active Directory via SSSD

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Dec 14 13:10:16 EST 2020


On Mon, Dec 14, 2020 at 4:25 PM Tobias Grychtol-Matthaeus
<tgrymatt at mpi-bremen.de> wrote:
>
> Problems with ocserv and Active Directory via SSSD
> Dear all,
>
>
> I have installed ocserv, version 1.1.1-1~bpo10+1, on a Debian 10.7 machine. In the config file I changed the authentication to PAM. The Debian machine is successfully connected to our ActiveDirectory and I can log in via SSH with my AD user and the corresponding password. Now I configured openconnect on my client and I logged in with user "root" and established the VPN connection. But if I try to do this with my AD user, the VPN connection will not be established.
>
> I found in the /var/log/auth.log
> Dec 14 16:11:14 openconnect ocserv[2481]: pam_unix(ocserv:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=178.142.xxx.xxx  user=testuser
> Dec 14 16:11:14 openconnect ocserv[2481]: pam_sss(ocserv:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost=178.142.xxx.xxx user=testuser
> Dec 14 16:11:14 openconnect ocserv[2481]: pam_sss(ocserv:account): Access denied for user testuser: 6 (Permission denied)

This is an error from pam_sss; you'll need to increase verbosity on
sssd to see the actual reason. Have you used the
https://ocserv.gitlab.io/www/recipes-ocserv-freeipa.html instructions?

regards,
Nikos
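
The three auth.log lines quoted above, run through a small triage script (an added example, not part of the original messages and not code from ocserv or SSSD; the function names are hypothetical). It groups PAM results by phase to show that pam_sss accepted the password in the auth phase and that the denial came from the account phase, which is why the next step is raising sssd's verbosity rather than rechecking credentials.

```python
import re
from collections import defaultdict

# Log lines copied from the quoted message above (rhost left redacted as posted).
SAMPLE_LOG = """\
Dec 14 16:11:14 openconnect ocserv[2481]: pam_unix(ocserv:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=178.142.xxx.xxx  user=testuser
Dec 14 16:11:14 openconnect ocserv[2481]: pam_sss(ocserv:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost=178.142.xxx.xxx user=testuser
Dec 14 16:11:14 openconnect ocserv[2481]: pam_sss(ocserv:account): Access denied for user testuser: 6 (Permission denied)
"""

# PAM modules log as "module(service:phase): message".
PAM_RE = re.compile(r"(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<phase>\w+)\): (?P<msg>.*)")
# Matches "user=NAME" and "user NAME" but not "ruser=" (no word boundary there).
USER_RE = re.compile(r"\buser[ =](?P<user>[^\s:;]+)")

def classify(msg):
    """Map a PAM log message to ok / fail / info."""
    low = msg.lower()
    if "success" in low:
        return "ok"
    if "failure" in low or "denied" in low:
        return "fail"
    return "info"

def triage(log_text, service="ocserv"):
    """Return {user: verdict} for one PAM service, phase by phase."""
    seen = defaultdict(lambda: defaultdict(list))  # user -> phase -> [(module, outcome)]
    for line in log_text.splitlines():
        m = PAM_RE.search(line)
        if not m or m["service"] != service:
            continue
        u = USER_RE.search(m["msg"])
        if u:
            seen[u["user"]][m["phase"]].append((m["module"], classify(m["msg"])))
    verdicts = {}
    for user, phases in seen.items():
        # One module accepting the password is enough; pam_unix failing for a
        # directory-only user is expected when pam_sss follows it in the stack.
        auth_ok = any(outcome == "ok" for _, outcome in phases.get("auth", []))
        denied_by = [mod for mod, outcome in phases.get("account", []) if outcome == "fail"]
        if not auth_ok:
            verdicts[user] = "auth failed: no module accepted the credentials"
        elif denied_by:
            verdicts[user] = f"auth ok, account denied by {','.join(denied_by)}: access control, not password"
        else:
            verdicts[user] = "auth ok, no account denial logged"
    return verdicts

if __name__ == "__main__":
    for user, verdict in triage(SAMPLE_LOG).items():
        print(user, "->", verdict)
```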