Hi, I configured my OpenVPN (Debian 7 x64) Server following this howto: http://www.howtoforge.com/how-to-set-up-openvpn-to-authenticate-with-linotp to secure my OpenVPN with OTP and LinOTP. It sais not local users are needed, when using pam_permit.so for account and session. But I need local users. When trying to authenticate a users that does not have a local account, PAM stops here (auth.log): pam_linotp[5698]: start pam_linotp.py authentication: 0, ['/lib/security/pam_linotp.py', 'debug', 'url=https://otp.server.local/validate/simplecheck', 'nosslhostnameverify', 'realm=', 'logpassword=no'] After creating a local user it works (auth.log): pam_linotp[5698]: start pam_linotp.py authentication: 0, ['/lib/security/pam_linotp.py', 'debug', 'url=https://otp.server.local/validate/simplecheck', 'nosslhostnameverify', 'realm=', 'logpassword=no'] pam_linotp[5698]: got no password in authtok - trying through conversation pam_linotp[5698]: got password: 123456 pam_linotp[5698]: calling url https://otp.server.local/validate/simplecheck' {'realm': 'corporatequality.de', 'user': 'username', 'pass': '123456'} pam_linotp[5698]: :-( pam_linotp[5698]: user rejected Here are my pam files on the OpenVPN Server (I only changed validate/check to validate/simplecheck): common-linotp: auth [success=1 default=ignore] pam_python.so /lib/security/pam_linotp.py debug url=https://otp.server.local/validate/simplecheck nosslhostnameverify realm= logpassword=no auth requisite pam_deny.so auth required pam_permit.so openvpn: @include common-linotp session sufficient pam_permit.so account sufficient pam_permit.so Was anybody successful doing this? Thanks and Kind regards, Andreas
