When I use the plugin for authentication in server.conf, authentication won't work, but without it, nonexistent users can also authenticate.
I have added the following lines in the server conf and client:
Commands in the server.conf file
================================
mode server
tls-server
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login
key-direction 0
================================
Commands in the client file
=================================
port 1194
proto udp
dev tun
nobind
key-direction 1
redirect-gateway def1
tls-version-min 1.2
auth SHA256
auth-user-pass
tls-client
remote-cert-tls server
resolv-retry infinite
persist-key
persist-tun
verb 3
===============================
Logs:
==============================================================
PLUGIN_CALL: POST /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so
TLS Auth Error: Auth Username/Password verification failed for peer
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1559124952) Wed May 29 10:15:52 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:
openvpn[10420]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=*****
==============================================================
I have used a different approach. Although in production plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so login is the recommended way, I took a shell script and got authentication working, but remember it is dangerous.
Add the following lines to your /etc/openvpn/server.conf file:
verify-client-cert none
script-security 2
auth-user-pass-verify /etc/openvpn/example.sh via-file
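Now create a file /etc/openvpn/example.sh with the following content:
#!/bin/bash
# Called by OpenVPN as: example.sh <tmpfile>
# via-file format: line 1 = username, line 2 = password
echo "started"
username=$(head -n 1 "$1")
password=$(sed -n '2p' "$1")
# -F: fixed string (no regex), -x: the whole line must match,
# so a partial password or a pattern is rejected
if grep -Fxq -- "$username:$password" "$0.passwd"
then
    exit 0
else
    # Compare only the username column to tell the two failure cases apart
    if cut -d: -f1 "$0.passwd" | grep -Fxq -- "$username"
    then
        echo "auth-user-pass-verify: Wrong password entered for user '$username'"
    else
        echo "auth-user-pass-verify: Unknown user '$username'"
    fi
    exit 1
fi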
Now create usernames and passwords in /etc/openvpn/example.sh.passwd with the following content:
userone:securepassworduserone
usertwo:securepasswordusertwo
Now create a client file and import and connect using your password, but this is where I am stuck, as I don't want to provide a client file.
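An added example, not part of the original answer: a credential check for an auth-user-pass-verify script called with via-file, comparing a pattern-based grep with a whole-line, fixed-string match. The function names, the temporary directory and the sample credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match credential check for an OpenVPN
# auth-user-pass-verify script called with "via-file".
# All names, paths and credentials here are constructed for illustration.

# read_creds FILE: via-file format is line 1 = username, line 2 = password
read_creds() {
    CRED_USER=$(sed -n '1p' "$1")
    CRED_PASS=$(sed -n '2p' "$1")
}

# loose_check CREDFILE PASSWDFILE: the form to avoid. grep treats the
# string as a regular expression and accepts it anywhere in a line.
loose_check() {
    read_creds "$1"
    grep -q -- "$CRED_USER:$CRED_PASS" "$2"
}

# exact_check CREDFILE PASSWDFILE: reject empty fields and ':' in the
# username, then require a fixed-string (-F), whole-line (-x) match.
exact_check() {
    read_creds "$1"
    [ -n "$CRED_USER" ] && [ -n "$CRED_PASS" ] || return 1
    case $CRED_USER in *:*) return 1 ;; esac
    grep -Fxq -- "$CRED_USER:$CRED_PASS" "$2"
}

# try CHECK USER PASS: writes a via-file and echoes "accept" or "reject"
try() {
    printf '%s\n%s\n' "$2" "$3" > "$DEMO_DIR/cred"
    if "$1" "$DEMO_DIR/cred" "$DEMO_DIR/passwd"; then
        echo accept
    else
        echo reject
    fi
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
printf '%s\n' 'userone:securepassworduserone' \
              'usertwo:securepasswordusertwo' > "$DEMO_DIR/passwd"

# Regression inputs: the real password, a prefix of it, and a regex
for pw in 'securepassworduserone' 'secure' '.*'; do
    echo "password '$pw': loose=$(try loose_check userone "$pw")" \
         "exact=$(try exact_check userone "$pw")"
done
```

Only the full password should be accepted; the other two inputs are regression cases that any replacement for the check should also reject.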
The client.php example from http://gearman.org/getting-started/ can successfully communicate with worker.php when run with the command "php client.php", but when opened in a web browser it fails to communicate with worker.php. Does anyone know why, and how to configure gearmand or work around this?
OS:CentOS 6.7
Gearmand version:1.1.8.
Gearmand started with "gearmand -l stderr --verbose DEBUG"
When clients communicate using the "gearman -f work < /somedir/somefile" command, the information is returned as expected, and the terminal displays the following:
DEBUG 2015-10-30 11:56:01.371309 [ 1 ] Received GEARMAN_GRAB_JOB_ALL ::58ca:3fa1:77f:0%4234047483:2705334353 -> libgearman-server/thread.cc:310
DEBUG 2015-10-30 11:56:01.371317 [ 1 ] ::58ca:3fa1:77f:0%4234047483:41704 Watching POLLIN -> libgearman-server/gearmand_thread.cc:151
DEBUG 2015-10-30 11:56:01.371334 [ proc ] ::58ca:3fa1:77f:0%4234047483:41704 packet command GEARMAN_CAN_DO -> libgearman-server/server.cc:111
DEBUG 2015-10-30 11:56:01.371344 [ proc ] Registering function: work -> libgearman-server/server.cc:522
DEBUG 2015-10-30 11:56:01.371352 [ proc ] ::58ca:3fa1:77f:0%4234047483:41704 packet command GEARMAN_GRAB_JOB_ALL -> libgearman-server/server.cc:111
DEBUG 2015-10-30 11:56:01.371371 [ 1 ] Received RUN wakeup event -> libgearman-server/gearmand_thread.cc:610
But when the web browser navigates to "http://localhost/client.php", no information is shown in the web browser, and the terminal displays nothing either.
The error.log of nginx contains the following:
2015/10/30 04:59:10 [error] 2756#0: *2 FastCGI sent in stderr: "PHP message: PHP Warning: GearmanClient::doNormal(): send_packet(GEARMAN_COULD_NOT_CONNECT) Failed to send server-options packet -> libgearman/connection.cc:485 in /usr/share/nginx/html/client.php on line 4" while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /client.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "localhost"
[root#localhost html]# cat client.php
<?php
$client= new GearmanClient();
$client->addServer("127.0.0.1",4730);
print $client->doNormal("reverse", "Hello World!");
?>
[root#localhost html]# cat worker.php
<?php
$worker= new GearmanWorker();
$worker->addServer("127.0.0.1",4730);
$worker->addFunction("reverse", "my_reverse_function");
while ($worker->work());
function my_reverse_function($job)
{
return strrev($job->workload());
}
?>
Maybe the problem is that the web page has limits or permissions on socket operations?
I think configuration with the --http-port option may not be mature and stable yet, so my preferred solution is that PHP web pages, as clients, submit jobs directly to gearmand, to be processed by a compiled C++ worker program. And the C++ worker program should serve many requests without being called, run and exited per request, to save time.
Is this solution possible?
Please help me.
Thanks a lot!
With guidance from tom, Wali Usmani and Clint, the cause was finally narrowed down to a permission problem in SELinux.
Details can be found at https://groups.google.com/forum/#!topic/gearman/_dW8SRWAonw.
Many thanks to tom, Wali Usmani and Clint.
I want to ask about an OpenCart problem. I got this error:
SyntaxError: JSON.parse: unexpected non-whitespace character after JSON data
OK
{"country_id":"100","name":"Indonesia","iso_code_2":"ID","iso_code_3":"IDN" ,"address_format":"","postcode_required":"1","zone":[{"zone_id":"1507","country_id":"100","name":"Aceh","code":"Aceh","status":" 1"},{"zone_id":"1508","country_id":"100","name":"Bali","code":"Bali","statu s":"1"},{"zone_id":"1509","country_id":"100","name":"Banten","code":"Banten ","status":"1"},{"zone_id":"1510","country_id":"100","name":"Bengkulu","cod e":"BE","status":"1"},{"zone_id":"1511","country_id":"100","name":"D.I.Yogy akarta","code":"YG","status":"1"},{"zone_id":"1512","country_id":"100","nam e":"Gorontalo","code":"GO","status":"1"},{"zone_id":"1513","country_id":"10 0","name":"Jakarta","code":"Jakarta","status":"1"},{"zone_id":"1514","count ry_id":"100","name":"Jambi","code":"JA","status":"1"},{"zone_id":"1515","co untry_id":"100","name":"Jawa Barat","code":"JB","status":"1"},{"zone_id":"1516","country_id":"100","name ":"Jawa Tengah","code":"JT","status":"1"},{"zone_id":"1517","country_id":"100","nam e":"Jawa Timur","code":"JI","status":"1"},{"zone_id":"1518","country_id":"100","name ":"Kalimantan Barat","code":"KB","status":"1"},{"zone_id":"1519","country_id":"100","name ":"Kalimantan Selatan","code":"KS","status":"1"},{"zone_id":"1520","country_id":"100","na me":"Kalimantan Tengah","code":"KT","status":"1"},{"zone_id":"1521","country_id":"100","nam e":"Kalimantan Timur","code":"KI","status":"1"},{"zone_id":"1522","country_id":"100","name ":"Kepulauan Bangka Belitung","code":"BB","status":"1"},{"zone_id":"1537","country_id":"100","n ame":"Kepulauan Riau","code":"KPR","status":"1"},{"zone_id":"1523","country_id":"100","name ":"Lampung","code":"LA","status":"1"},{"zone_id":"1524","country_id":"100", "name":"Maluku","code":"MA","status":"1"},{"zone_id":"1525","country_id":"1 00","name":"Maluku Utara","code":"MU","status":"1"},{"zone_id":"1526","country_id":"100","name ":"Nusa Tenggara Barat","code":"NB","status":"1"},{"zone_id":"1527","country_id":"100","name ":"Nusa Tenggara 
Timur","code":"NT","status":"1"},{"zone_id":"1528","country_id":"100","name ":"Papua","code":"PA","status":"1"},{"zone_id":"3970","country_id":"100","n ame":"Papua Barat","code":"PB","status":"1"},{"zone_id":"1529","country_id":"100","name ":"Riau","code":"RI","status":"1"},{"zone_id":"3971","country_id":"100","na me":"Sulawesi Barat","code":"SR","status":"1"},{"zone_id":"1530","country_id":"100","name ":"Sulawesi Selatan","code":"SN","status":"1"},{"zone_id":"1531","country_id":"100","na me":"Sulawesi Tengah","code":"ST","status":"1"},{"zone_id":"1532","country_id":"100","nam e":"Sulawesi Tenggara","code":"SG","status":"1"},{"zone_id":"1533","country_id":"100","n ame":"Sulawesi Utara","code":"SA","status":"1"},{"zone_id":"1534","country_id":"100","name ":"Sumatera Barat","code":"SB","status":"1"},{"zone_id":"1535","country_id":"100","name ":"Sumatera Selatan","code":"SS","status":"1"},{"zone_id":"1536","country_id":"100","na me":"Sumatera Utara","code":"SU","status":"1"}],"status":"1"}<b>Warning</b>:
file_put_contents(C:\xampp\htdocs\rumahjoy\vqmod/logs/Fri.log) [<a href='function.file-put-contents'>function.file-put-contents</a>]: failed to open stream: No such file or directory in <b>/home/sloki/user/h1604/sites/rumahjoy.com/www/vqmod/vqmod.php</b> on line <b>395</b>LOG FILE COULD NOT BE WRITTEN
I have 2 questions:
First, what happened with my vqmod? It got C:\xampp (localhost). I've hosted it on a server, which must be /home/sloki/user/.......
Second, what's wrong with the JSON error? Because on localhost it works fine.
Upgrade to VQmod 2.3.2, then it's solved.