Code:
openvpn-plugin-auth-pam.so openvpn-auth-ldap.so
I managed to get it working by using only the auth-pam module by making these two modifications:
/etc/pam.d/openvpn
Code:
#LDAP Authentication auth required pam_ldap.so #OTP Authentication auth requisite pam_oath.so debug usersfile=/etc/users.oath window=30 digits=6 account required pam_ldap.so account sufficient pam_permit.so
Code:
#Not used anymore: #plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/ldap.conf #plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD pin OTP" plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD One-time OTP"
I had to change "pin" to "One-time" in the module config as pam-oath queries for "query='One-time password (OATH) for `edumeres': ' style=1", so "pin" did not match the query of the module.
Leave a comment: