Seems really odd, I tried it on RHEL as well with the same issue. The passwd file is indeed marked correctly - I changed to using crypt() passwords and it worked immediately! Thanks, I guess crypt should be fine for XAUTH, and this way I can at least finish my setup for now. If anything is needed from me to further troubleshoot, let me know and I can check on one of my now 5 VMs set up for this issue :)

*Pontus Wiberg*
Operations Lead
universumglobal.com
------------------------------

On 21 August 2014 22:48, Paul Wouters <p...@nohats.ca> wrote:

> On Thu, 21 Aug 2014, Pontus Wiberg wrote:
>
>> FYI did a new setup on a Ubuntu server with no additional software but
>> Libreswan and the requirements, a clean setup,
>> clean ipsec.conf, getting the same error. The password is incorrectly
>> handled by Libreswan or some dependency somewhere,
>> same error as I've had on Openswan too.
>> Is there anything I can do to help narrow this down?
>>
>> ****parse ISAKMP ModeCfg attribute:
>> | ModeCfg attr type: 16521??
>> | length/value: 8 <-- username is correct and 8 chars
>> | ****parse ISAKMP ModeCfg attribute:
>> | ModeCfg attr type: 16522??
>> | length/value: 12 <-- password is correct and 12 chars
>> | complete state transition with STF_IGNORE
>> | * processed 0 messages from cryptographic helpers
>> | next event EVENT_DPD in 15 seconds for #1
>> | next event EVENT_DPD in 15 seconds for #1
>> XAUTH: User testuser: Attempting to login
>> XAUTH: passwd file authentication being called to authenticate user testuser
>> XAUTH: password file (/etc/ipsec.d/passwd) open.
>> | XAUTH: found user(testuser/testuser) pass($apr1$RXWgYKAc$***********/) connid(roadwarrior/roadwarrior)
>> | XAUTH: checking user(testuser:roadwarrior) pass (null) vs $apr1$RXWgYKAc$***********/ <-- password is now: (null)
>> XAUTH: nope
>> XAUTH: User testuser: Authentication Failed: Incorrect Username or Password
>
> It's odd. I cannot reproduce this:
>
> XAUTH: User use3: Attempting to login
> XAUTH: passwd file authentication being called to authenticate user use3
> XAUTH: password file (/etc/ipsec.d/passwd) open.
> | XAUTH: found user(road/use3) pass($apr1$898RP...$9gJFVFuZIvsD0dTGADcv10) connid(xauth-road-eastnet/modecfg-road-eastnet-psk)
> | XAUTH: found user(use1/use3) pass(xOzlFlqtwJIu2) connid(xauth-road-eastnet/modecfg-road-eastnet-psk)
> | XAUTH: found user(use2/use3) pass(xOzlFlqtwJIu2) connid(xauth-road-eastnet-psk/modecfg-road-eastnet-psk)
> | XAUTH: found user(use3/use3) pass(xOzlFlqtwJIu2) connid(modecfg-road-eastnet-psk/modecfg-road-eastnet-psk)
> | XAUTH: checking user(use3:modecfg-road-eastnet-psk) pass xOzlFlqtwJIu2 vs xOzlFlqtwJIu2
> XAUTH: User use3: Authentication Successful
>
> Is your /etc/ipsec.d/passwd marked with the proper connection ?
>
> Note that Matt might be right about the crypt() call, although it is
> odd. But you can try using htpasswd -d to generate crypt() passwords.
>
> Paul