Public bug reported:
I have installed OpenVPN with your pam_yubico module as suggested at
https://developers.yubico.com/yubico-pam/ on a freshly installed Ubuntu
Server 16.04 LTS, and now OpenVPN crashes every time a user wants to
connect since I added the account line to the PAM configuration file
for OpenVPN.
Before that (without the "account required" line in /etc/pamd.d/openvpn) the
setup worked fine with my own account, which is present on the local machine. Now
I wanted to test with a new testing user and discovered that the account
required line is needed.
So I added it and now it's crashing OpenVPN... any suggestions why this
happens?
In /etc/openvpn/server.conf:
[...]
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn
In /etc/pam.d/openvpn:
auth required pam_yubico.so id=<ID> \
yubi_attr=<ATTRName> \
capath=/etc/ssl/certs \
ldap_uri=ldap://ad.intern.dc.de/ \
ldapdn=ou=worker,dc=intern,dc=dc,dc=de \
[email protected] ldap_bind_password=<passwd> \
ldap_filter=(&(sAMAccountName=%u)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de)) \
try_first_pass
account required pam_yubico.so
/var/log/openvpn.log says:
[../pam_yubico.c:authorize_user_token_ldap(286)] try bind with:
[email protected]:[<passwd>]
[../pam_yubico.c:authorize_user_token_ldap(319)] LDAP : look up object
base='ou=worker,dc=intern,dc=dc,dc=de'
filter='(&(sAMAccountName=vpnuser)(memberOf=CN=group,OU=worker,DC=intern,DC=dc,DC=de))',
ask for attribute '<ATTRName>'
[../pam_yubico.c:authorize_user_token_ldap(355)] LDAP : Found 1 values -
checking if any of them match '<yubiKey>::<yubiKey>'
[../pam_yubico.c:authorize_user_token_ldap(362)] Token Found :: <yubiKey>
[../pam_yubico.c:pam_sm_authenticate(1095)] done. [Success]
[../pam_yubico.c:pam_sm_acct_mgmt(1128)] pam_sm_acct_mgmt returing PAM_SUCCESS
*** stack smashing detected ***: /usr/sbin/openvpn terminated
I don't know for sure if the problem is an OpenVPN or a pam_yubico related
bug. But it is permanent and doesn't go away with every try I had.
Greetings n-ronny
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openvpn 2.3.10-1ubuntu2
ProcVersionSignature: Ubuntu 4.4.0-59.80-generic 4.4.35
Uname: Linux 4.4.0-59-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Thu Jan 26 16:42:41 2017
ExecutablePath: /usr/sbin/openvpn
InstallationDate: Installed on 2017-01-18 (7 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64
(20160719)
ProcEnviron:
TERM=linux
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: openvpn (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug xenial
https://bugs.launchpad.net/bugs/1659592
Title:
***stack smashing detected***: /usr/sbin/openvpn: If libpam_yubico is
used for authentication for 2FA.