On Sat, Apr 04, 2020 at 09:24:24AM +0200, Gert Doering wrote: > Hi, > > On Fri, Apr 03, 2020 at 05:30:23PM -0600, The Doctor via Openvpn-users wrote: > > tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret > > If you have this on the server... > > > ;tls-auth /usr/local/etc/openvpn/server/ta.key 1 > > ... you MUST have it on the client as well. >
Step 1. > > verb 9 > > this is way too high for normal debugging, use "verb 4" :-) > > As soon as you have the TLS-Auth part sorted out - there is no > authentication backend configured on the server, so it won't do > LDAP or radius. As for "how to do this", there's many possible ways > - you can use a plugin (plugin_auth_pam is a good start, and then > pam_radius or pam_ldap), or a script (--auth-user-pass-verify, see > the man page), ... > pam has always been problematic even on SASl, hence why I avoid it. > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany g...@greenie.muc.de -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Those who cannot win on facts rely upon slander. -unknown _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users