By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS - Microsoft ActiveDirectory // FreeRadius (Google MFA)

0

Hello,

I almost finish to setup my VPN with ActiveDirectory FreeRadius (MFA google authenticator), I have one issue .. I generated QR code for my Ad User and I scan it, when OpenVPN asking my OTP i have this following error

pam_winbind(google-authenticator:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7), NTSTATUS: NT_STATUS_LOGON_FAILURE, Error message was: The attempted logon is invalid. This is either due to a bad username or authentication information.

Enter image description here

So my password + otp isn't working

Inside/etc/pam.d/radiusd :

auth requisite /usr/lib/x86_64-linux-gnu/security/pam_google_authenticator.so forward_pass

auth required pam_unix.so use_first_pass

I am little bit lost... i double checked OTP code and its good, so why pam isn't connecting ?

Thanks

Topics
ComputeNetworking & Content Delivery
Tags
Amazon EC2AWS Client VPN
Language
English
Alex
asked 3 months ago134 views
2 Answers
0

Does anyone have an idea ? I am completely stuck

Alex
answered 3 months ago
0

up ... I need help

Alex
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content