The account has the deny login flag set on it.The account is tied to a defunct external authentication system.You have lost the username and/or password.These are common administrative user login problems: We recommend a local account which is the default since Access Server version 2.10. The administrative account, which is by default called openvpn, may be either a bootstrap account in the operating system or an administrative account within the internal local authentication system of Access Server itself. Note: If you are not currently using the latest version of Access Server we recommend reading the notes on older versions. Reset default openvpn account administrative access
#Pritunl profile trial#
Still, you need to use some trial and error and the authcli tool.įor more information on the command-line tools, see the page here. When debugging problems with authenticating against an LDAP server, generally, the LDAP debug options are not necessary.
When you encounter an LDAP issue related to your search query, you receive an error message such as “user not found that meets specified criteria.” The user isn’t found in that location in the LDAP directory. Ensure you enter that carefully, especially where your search query is very specific. The most common problems for LDAP authentication relate to the base DN search query. Ensure you match cases for your usernames. However, if you sign in to Access Server with "Gary", and the LDAP server returns "gary" as the match, Access Server looks up user-specific properties for "gary". Some LDAP servers may not be case sensitive for usernames, such as Active Directory. Authentication fails if you enter "Gary" to sign in but the actual username is "gary". After a successful match, Access Server can apply user-specific properties-auto-login privileges, static IP address, and so on.įor PAM authentication, the username is case-sensitive. Ensure the username case matches between Access Server and the external authentication system. Most authentication systems are case-sensitive. authcli -user -pass -sr= Case-sensitive matters for usernames Verify authentication for a user with multi-factor authentication (MFA) enabled. Sample output of a successful local authentication attempt: API METHOD: authenticate Note: Mismatched usernames are one of the most common problems with authentication, where the username in the User Permissions table for OpenVPN Access Server doesn’t precisely match the username in the external authentication system.Ĭhoose from the below commands for debugging or testing with authcli. To run authcli, ensure you are in the /usr/local/openvpn_as/scripts/ directory and run the commands as a root user. You can print authentication results to your screen, see user-specific properties applied when authentication succeeds, and verify if expected properties get picked up. The authcli tool runs tests and provides useful debugging information in the process.
To validate your authentication configuration for OpenVPN Access Server, we recommend using the authcli command-line utility. Debugging / troubleshooting authentication problems Use the authcli tool
0 kommentar(er)
