Re: [Swan] XAUTH: PAM auth chain failed with '7' on CentOS 7

Thu, 21 Aug 2014 13:48:46 -0700 

On Thu, 21 Aug 2014, Pontus Wiberg wrote:


FYI did a new setup on a Ubuntu server with no additional software but 
Libreswan and the requirements, a clean setup,
clean ipsec.conf, getting the same error. The password is incorrectly handled 
by Libreswan or some dependency somewhere,
same error as I've had on Openswan too. 
Is there anything I can do to help narrow this down? 

 ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: 16521??
|    length/value: 8  <-- username is correct and 8 chars
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: 16522??
|    length/value: 12 <-- password is correct and 12 chars
| complete state transition with STF_IGNORE
| * processed 0 messages from cryptographic helpers
| next event EVENT_DPD in 15 seconds for #1
| next event EVENT_DPD in 15 seconds for #1
XAUTH: User testuser: Attempting to login
XAUTH: passwd file authentication being called to authenticate user testuser
XAUTH: password file (/etc/ipsec.d/passwd) open.
| XAUTH: found user(testuser/testuser) pass($apr1$RXWgYKAc$***********/) 
connid(roadwarrior/roadwarrior)
| XAUTH: checking user(testuser:roadwarrior) pass (null) vs 
$apr1$RXWgYKAc$***********/ <-- password is now: (null)
XAUTH: nope
XAUTH: User testuser: Authentication Failed: Incorrect Username or Password


It's odd. I cannot reproduce this:

XAUTH: User use3: Attempting to login
XAUTH: passwd file authentication being called to authenticate user use3
XAUTH: password file (/etc/ipsec.d/passwd) open.
| XAUTH: found user(road/use3) pass($apr1$898RP...$9gJFVFuZIvsD0dTGADcv10) 
connid(xauth-road-eastnet/modecfg-road-eastnet-psk)
| XAUTH: found user(use1/use3) pass(xOzlFlqtwJIu2) 
connid(xauth-road-eastnet/modecfg-road-eastnet-psk)
| XAUTH: found user(use2/use3) pass(xOzlFlqtwJIu2) 
connid(xauth-road-eastnet-psk/modecfg-road-eastnet-psk)
| XAUTH: found user(use3/use3) pass(xOzlFlqtwJIu2) 
connid(modecfg-road-eastnet-psk/modecfg-road-eastnet-psk)
| XAUTH: checking user(use3:modecfg-road-eastnet-psk) pass xOzlFlqtwJIu2 vs 
xOzlFlqtwJIu2
XAUTH: User use3: Authentication Successful

Is your /etc/ipsec.d/passwd marked with the proper connection ?

Note that Matt might be right about the crypt() call, although it is
odd. But you can try using htpasswd -d to generate crypt() passwords.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to