[9.165][DUPE] SSLVPN not working

Hi,

Since updating to 9.165, the SSLVPN is not working anymore. It always complains about a bad password, but the password is right. I use backend authentication with AD; testing authentication in the web interface works.

I get the following in the aua.log:

2013:11:05-09:12:38 fw aua[3352]: id="3006" severity="info" sys="System" sub="auth" name="Child 17336 is running too long. Killing child"
2013:11:05-09:12:38 fw aua[17529]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="217.243.252.98" user="mtechel" caller="openvpn" reason="DENIED" 


and in the client log:

Tue Nov 05 09:12:43 2013 AUTH: Received control message: AUTH_FAILED
Tue Nov 05 09:12:43 2013 SIGUSR1[soft,auth-failure] received, process restarting
Tue Nov 05 09:12:43 2013 MANAGEMENT: >STATE:1383639163,RECONNECTING,auth-failure,,
Tue Nov 05 09:12:43 2013 Restart pause, 5 second(s)
Tue Nov 05 09:13:05 2013 MANAGEMENT: Client disconnected
Tue Nov 05 09:13:05 2013 ERROR: could not read Auth username/password/ok/string from management interface
Tue Nov 05 09:13:05 2013 Exiting due to fatal error
  • Hi, 

    Can you tell us more about your configuration, please?
    Which features are turned on (OTP)?
    Can you please turn on the aua debug log (pkill -USR2 aua.bin)?
  • Hi,

    We are just using two profiles in SSLVPN. Authentication via Active Directory.

    Here is the aua-debug.log:

    2013:11:06-11:17:25 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth: authentication succeeded with method adirectory, checking authorization now"
    2013:11:06-11:17:25 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth returns result 1"
    2013:11:06-11:17:25 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="User object: $VAR1 = '';
    2013:11:06-11:17:25 fw aua[24918]: "
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="User object: $VAR1 = undef;
    2013:11:06-11:17:26 fw aua[24918]: "
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="No matching user object found in confd for facility openvpn -> failing authentication"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="User mtechel is not authenticated or authorized for facility openvpn, all methods tried"
    2013:11:06-11:17:26 fw aua[24918]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.24.5.103" user="mtechel" caller="openvpn" reason="DENIED"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="Method: adirectory"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="Result: 0"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="Ref: REF_fkOcnOxZBa"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="Groups: REF_AaaGroWebadUsers:REF_NetAaaWebadUsersUser|REF_AaaGroSslVpnUsers:REF_NetAaaSslVpnUsers"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="Comment: "
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="No update on blocklist desired"
    2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="result:
    2013:11:06-11:17:26 fw aua[24918]: DENIED"


    I can send you the complete log if you give me your email.

    Regards, Mario
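
An added example, not part of the original thread and not Sophos code: a small parser for the aua log format quoted above that tags each id="3005" denial as an authorization failure when the same aua child had already logged a successful backend authentication. The sample lines are constructed from those in the thread (the second entry, user jdoe, is invented), and the function name is hypothetical.

```python
import re

# Constructed sample, modelled on the aua debug lines quoted in the thread.
SAMPLE = """\
2013:11:06-11:17:25 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="do_auth: authentication succeeded with method adirectory, checking authorization now"
2013:11:06-11:17:25 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="User object: $VAR1 = '';
2013:11:06-11:17:25 fw aua[24918]: "
2013:11:06-11:17:26 fw aua[24918]: id="3007" severity="debug" sys="System" sub="auth" name="No matching user object found in confd for facility openvpn -> failing authentication"
2013:11:06-11:17:26 fw aua[24918]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.24.5.103" user="mtechel" caller="openvpn" reason="DENIED"
2013:11:06-11:18:02 fw aua[25001]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.24.5.104" user="jdoe" caller="openvpn" reason="DENIED"
"""

LINE = re.compile(r'^(\S+) (\S+) aua\[(\d+)\]: (.*)$')   # timestamp, host, pid, payload
FIELD = re.compile(r'(\w+)="([^"]*)"')                    # key="value" pairs closed on the same line
AUTHN_OK = re.compile(r'authentication succeeded with method (\w+)')
NO_OBJECT = re.compile(r'No matching user object found in confd for facility (\w+)')

def classify_denials(text):
    """Return one dict per id="3005" denial, tagged with the stage that failed."""
    state = {}      # pid -> what that aua child's debug lines have said so far
    denials = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _host, pid, rest = m.groups()
        seen = state.setdefault(pid, {"method": None, "no_object": None})
        if (hit := AUTHN_OK.search(rest)):
            seen["method"] = hit.group(1)
        if (hit := NO_OBJECT.search(rest)):
            seen["no_object"] = hit.group(1)
        fields = dict(FIELD.findall(rest))
        if fields.get("id") == "3005":
            # Without a preceding success line the failing stage cannot be told apart.
            stage = "authorization" if seen["method"] else "unknown"
            denials.append({"time": ts, "user": fields.get("user"),
                            "caller": fields.get("caller"), "srcip": fields.get("srcip"),
                            "stage": stage, "backend": seen["method"],
                            "missing_object_for": seen["no_object"]})
            state.pop(pid, None)   # the child's attempt is finished
    return denials

if __name__ == "__main__":
    for d in classify_denials(SAMPLE):
        print(d)
```

The "authorization" tag is only available when the aua debug log is enabled, since the success line is a severity="debug" entry.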