However, if you sign in to Access Server with "Gary", and the LDAP server returns "gary" as the match, Access Server looks up user-specific properties for "gary". Some LDAP servers may not be case sensitive for usernames, such as Active Directory. Authentication fails if you enter "Gary" to sign in but the actual username is "gary". After a successful match, Access Server can apply user-specific properties-auto-login privileges, static IP address, and so on.įor PAM authentication, the username is case-sensitive. Ensure the username case matches between Access Server and the external authentication system. Most authentication systems are case-sensitive. authcli -user -pass -sr= Case-sensitive matters for usernames Verify authentication for a user with multi-factor authentication (MFA) enabled. Sample output of a successful local authentication attempt: API METHOD: authenticate Note: Mismatched usernames are one of the most common problems with authentication, where the username in the User Permissions table for OpenVPN Access Server doesn’t precisely match the username in the external authentication system.Ĭhoose from the below commands for debugging or testing with authcli. To run authcli, ensure you are in the /usr/local/openvpn_as/scripts/ directory and run the commands as a root user. You can print authentication results to your screen, see user-specific properties applied when authentication succeeds, and verify if expected properties get picked up. The authcli tool runs tests and provides useful debugging information in the process. To validate your authentication configuration for OpenVPN Access Server, we recommend using the authcli command-line utility. Key.Debugging / troubleshooting authentication problems Use the authcli tool Let clientConfigDestinationPath = "./client_configs" Let usersInOrgArr = await user.listUsers(orgId) => Outputs the user object for the first occurrence of the found userĭownload all client configurations in an Organization Let foundUser = await user.findUserByUsername(orgId, usernameToFind) Let foundOrg = await organization.findOrganizationByName("TooCool4SkewlOrg") You can have multiple users with the same username in an organization so please make sure you either don't create multiple users with the same name or check to make sure you've got the right one with this function. This returns the first occurrence of the user based on username.=> Outputs an array of existing organization objects Listing all Organizations const Pritunl = require('pritunl-api-wrapper') Ĭonst organization = priapi.Organization() Ĭonst organizationArr = await organization.listOrganizations() You'll find more examples in the /examples directory.Below are a few example uses for this API wrapper.SelfSignedCaPath: "./cacert/yourCaCert.pem" pem const Pritunl = require('pritunl-api-wrapper') If you are using a default installation without having manually generated any certs you can retrieve the cert found on the web GUI Settings -> Advanced -> Server SSL Certificate and paste it into a new file and give it the extension. Set your path to the CA cert during object instantiation on the selfSignedCaPath property This module supports the use of self-signed certificates. Using Pritunl API Wrapper with a Self-Signed Certificate Please make sure you understand the differences between the files referenced above before setting your credentials there.Exports will not persist unless you put them in your ~/.bash_profile, ~/.bashrc or /etc/environment.Set up your credentials using environment variables For Windows setx PRI_BASE_URL Set up your credentials during Pritunl object instantiationĬonst Pritunl = require('pritunl-api-wrapper').Setting your credentials Using parameters on Pritunl object See examples in the /examples directory for basic usage.Set the credentials during Pritunl object instantiation.Set up your credentials using one of the following options:.This API wrapper contains utility functions for working with the PritunlVPN API.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |