OpenVPN Integration about pam_aad HOT 9 CLOSED

plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn
client-cert-not-required
username-as-common-name

auth required pam_aad.so client_id= resource_id= tenant= required_group_id=
@include common-auth
account required pam_nologin.so
@include common-account
@include common-session
@include common-password

cp /etc/pam.d/sshd /etc/pam.d/openvpn

AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: dev
AUTH-PAM: BACKGROUND: my_conv[0] query='Enter the following code at https://aka.ms/devicelogin : BQBJRSVMC
Please hit enter after you have logged in.' style=1
AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'dev' failed to authenticate: Authentication failure
Tue Dec  4 13:16:48 2018 us=249047 192.168.254.1:1194 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Tue Dec  4 13:16:48 2018 us=249075 192.168.254.1:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-plugin-auth-pam.so
Tue Dec  4 13:16:48 2018 us=249116 192.168.254.1:1194 TLS Auth Error: Auth Username/Password verification failed for peer
Tue Dec  4 13:16:48 2018 us=249214 192.168.254.1:1194 SIGTERM[soft,auth-control-exit] received, client-instance exiting

openvpn --config /etc/openvpn/server.conf
[ . . . TRUNCATED . . . ]
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: jnchi
Connected
AUTH-PAM: BACKGROUND: my_conv[0] query='Enter the following code at https://aka.ms/devicelogin : FJQH7VK77
Please hit enter after you have logged in.' style=2
Connected
no upn?
AUTH-PAM: BACKGROUND: user 'jnchi' failed to authenticate: Authentication failure

tail /var/log/auth.log
Mar  4 10:34:11 debian jnchi(pam_azure_authenticator)[9701]: debug: start of azure_authenticator for jnchi

$ ssh [email protected]
The authenticity of host '10.8.0.1 (10.8.0.1)' can't be established.
ECDSA key fingerprint is SHA256:UboLDzf2gy/tbDr7cUfW4pJWrduU+Tlex/vaaLY3kNM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.8.0.1' (ECDSA) to the list of known hosts.
An email with a one-time passcode was sent to your email.
Enter the code at https://aka.ms/devicelogin, then press enter.

Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Mar 21 12:01:09 2019 from 192.168.1.125
jnchi@debian:~$