konkaGhe

Reputation: 1

ocserv rewrite framed ip from radius

I have a problem with setting the IP from Microsoft NPS for an ocserv VPN user.

First time it

ocserv[25974]: main: Starting 1 instances of ocserv-sm
ocserv[25974]: main: initialized OpenConnect VPN Server 1.2.5
ocserv[25976]: sec-mod: reading supplemental config from files
ocserv[25976]: sec-mod: sec-mod initialized (socket: /var/run/ocserv-socket.40bec52d.0)
ocserv[25976]: sec-mod: sec-mod instance 0 issue cookie
ocserv[25976]: sec-mod: using 'pam' authentication to authenticate user (session: 8rNPYi)
ocserv[25976]: pam_radius_auth: 2.0.1 (git #53c0cfff), built on Nov  2 2021 at 14:37:12
ocserv[25976]: pam_radius_auth: DEBUG: conf='/etc/pam_radius_auth.conf' use_first_pass=no try_first_pass=no skip_passwd=no retry=123 localifdown=no client_id='666' accounting_bug=no ruser=no prompt='Password: ' force_prompt=no prompt_attribute=no max_challenge=0 privilege_level=no
ocserv[25976]: pam_radius_auth: Got user name: 'user'
ocserv[25976]: pam_radius_auth: ignore last_pass, force_prompt set
ocserv[25976]: pam_radius_auth: Sending RADIUS request code 1 (Access-Request)
ocserv[25976]: pam_radius_auth: DEBUG: get_ipaddr(192.168.70.105) returned 0.
ocserv[25976]: pam_radius_auth: Got RADIUS response code 2 (Access-Accept)
ocserv[25976]: pam_radius_auth: Set PAM environment variable : Framed-IP-Address=10.10.1.44
ocserv[25976]: pam_radius_auth: authentication succeeded

But then

ocserv[25974]: main[user]:7.4.201.8:55202 new user session
ocserv[25974]: main[user]:7.4.201.8:55202 user logged in
ocserv[25980]: worker[user]: 7.4.201.8 suggesting DPD of 90 secs
ocserv[25980]: worker[user]: 7.4.201.8 configured link MTU is 1500
ocserv[25980]: worker[user]: 7.4.201.8 peer's link MTU is 1500
ocserv[25980]: worker[user]: 7.4.201.8 sending IPv4 10.10.1.8
ocserv[25980]: worker[user]: 7.4.201.8 adding DNS 10.0.0.1
ocserv[25980]: worker[user]: 7.4.201.8 adding custom header 'X-My-Header: hi there'
ocserv[25980]: worker[user]: 7.4.201.8 Link MTU is 1500 bytes
ocserv[25976]: sec-mod: initiating session for user 'user' (session: 8rNPYi)

I have tried many other ocserv PAM configs, but the result is always the same.

Example:

#%PAM-1.0
auth            [success=1 default=ignore]      pam_radius_auth.so conf=/etc/pam_radius_auth.conf debug retry=123
auth            requisite                       pam_deny.so
auth            required                        pam_permit.so
auth            required                        /usr/local/lib/security/pam_linotp.so debug url=https://192.168.0.1/validate/simplecheck nosslhostnameverify nosslcertverify
session         [default=1]                     pam_permit.so
session         requisite                       pam_deny.so
session         required                        pam_permit.so
account         required                        pam_nologin.so
account         include                         password-auth  
session         include                         password-auth

How can I get the Framed-IP-Address passed on to the user?

Upvotes: 0

Views: 133
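
A check for the mismatch visible in the logs above, as an added example that is not part of the original post or of ocserv: it pairs each Framed-IP-Address reported by pam_radius_auth with the address the worker later sends to the same user. It assumes the debug log format quoted in the question; the function name and the sample log are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the log lines quoted in the question.
SAMPLE_LOG = """\
ocserv[25976]: pam_radius_auth: Got user name: 'user'
ocserv[25976]: pam_radius_auth: Got RADIUS response code 2 (Access-Accept)
ocserv[25976]: pam_radius_auth: Set PAM environment variable : Framed-IP-Address=10.10.1.44
ocserv[25976]: pam_radius_auth: authentication succeeded
ocserv[25974]: main[user]:7.4.201.8:55202 user logged in
ocserv[25980]: worker[user]: 7.4.201.8 sending IPv4 10.10.1.8
"""

PID = r"ocserv\[(?P<pid>\d+)\]: "
RE_USER = re.compile(PID + r"pam_radius_auth: Got user name: '(?P<user>[^']*)'")
RE_FRAMED = re.compile(PID + r"pam_radius_auth: Set PAM environment variable : "
                       r"Framed-IP-Address=(?P<ip>\d+(?:\.\d+){3})")
RE_SENT = re.compile(PID + r"worker\[(?P<user>[^\]]*)\]: (?P<peer>\S+) "
                     r"sending IPv4 (?P<ip>\d+(?:\.\d+){3})")

def find_mismatches(log_text):
    """Return (user, peer, radius_ip, sent_ip) for each session whose tunnel
    address differs from the Framed-IP-Address seen for that user."""
    user_by_pid = {}  # the user name and the attribute are logged on separate lines
    framed = {}       # user -> most recent Framed-IP-Address from RADIUS
    mismatches = []
    for line in log_text.splitlines():
        if m := RE_USER.search(line):
            user_by_pid[m["pid"]] = m["user"]
        elif m := RE_FRAMED.search(line):
            user = user_by_pid.get(m["pid"])
            if user is not None:
                framed[user] = m["ip"]
        elif m := RE_SENT.search(line):
            # pop: a later session without a fresh Access-Accept must not be
            # compared against a stale address
            expected = framed.pop(m["user"], None)
            if expected is not None and expected != m["ip"]:
                mismatches.append((m["user"], m["peer"], expected, m["ip"]))
    return mismatches

if __name__ == "__main__":
    for user, peer, want, got in find_mismatches(SAMPLE_LOG):
        print(f"{user} from {peer}: RADIUS assigned {want}, ocserv sent {got}")
```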

Answers (0)
