ocserv: config-per-group not read if group comes from certificate

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed Sep 24 07:48:47 PDT 2014

On Wed, Sep 24, 2014 at 2:41 PM, Norbert Paschedag <noe at physik.uzh.ch> wrote:
> Hi,
> I'm trying to set up ocserv so it can be used by anyconnect users.
> Authentication is done via certificates and passwords (via pam).
> The group is determined from the cert DN and there's no group selector
> (although anyconnect displays the group).
> Both user and group are correctly shown in the debug output:
> ocserv[12766]: sec-mod: auth init for user 'testuser' (group: 'vpntest')
> from ''

> The config-per-group files, however, are not being read at all and it
> seems that the proc->groupname seen in get_sup_config() is empty.
> config-per-user _is_ read correctly.

 Could you elaborate on the scenario at hand. Do you have both a config
per user and config per group, and both should be read for this particular user?
What is the log (with debugging) output when that user connects?

If both apply, ocserv should load the group configuration, and then the user
configuration will override it.


More information about the openconnect-devel mailing list