[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
This is still a problem in Ubuntu 18.04. Note: systemd unit files provided by packages should not be modified by the user after installation, instead systemd's drop-in feature should be used. The proper workaround for this bug is to create the file /etc/systemd/system/openvpn@.service.d/10-pam-capability-fix.conf with the following contents (notice the added CAP_AUDIT_WRITE keyword): [Service] CapabilityBoundingSet= CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE Afterwards issue "systemctl daemon-reload" to make systemd aware of the drop-in and then restart the OpenVPN service. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
I can confirm @smotin 's report. This can also be found here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866523 ** Bug watch added: Debian Bug tracker #866523 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866523 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
Confirm. The same problem in Ubuntu 18.04 Bionic with OpenVPN 2.4.4, and the same solution - had to add CAP_AUDIT_WRITE into CapabilityBoundingSet parameter in /lib/systemd/system/openvpn@.service. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
Hi, I do see see the exact same problem on Ubuntu 17.10 with OpenVPN 2.4.3 Should I create a separate ticket for that? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
@sdeziel Sorry I made a mistake figuring out my distro. I finally downgraded to the last stable OpenVPN package which works as expected. Thanks very much for clarification -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
@r0binary, 16.04 doesn't ship with OpenVPN 2.4.3 so you should report the bug to those who provided your package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
Hi, I do see see the exact same problem on Ubuntu 16.04 with OpenVPN 2.4.3 Should I create a separate ticket for that? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
** Changed in: openvpn (Debian) Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
Thanks Martin. I didn't know we could use fix released until the official release was made. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
** Changed in: openvpn (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
This was fixed in Debian in openvpn 2.3.10-1. This has already made it into Xenial 16.04. ** Bug watch added: Debian Bug tracker #795313 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795313 ** Also affects: openvpn (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795313 Importance: Unknown Status: Unknown ** Changed in: openvpn (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1511524] Re: OpenVPN PAM authentication broken on 15.10 Server
** Tags added: bitesize systemd-boot ** Changed in: openvpn (Ubuntu) Status: New => Triaged ** Changed in: openvpn (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs