    After following Mr McShane's advice and making the following change to "/etc/samba/smb.conf":
    winbind offline logon = yes
    I haven't had a single VPN connection drop, nor have I had to bump the SMB Cache to restore service.
    I'm recommending his solution, and will mark this as resolved in 2 more weeks if all holds fast.
  • Before replying to this thread, I tried setting a "tab refresh" in Firefox to refresh the accounts page in the WebGUI, but that also failed

    So I modified the cron job to clear cache first:
    */5 * * * * /usr/sbin/nscd -i passwd && /usr/bin/getent passwd && /usr/sbin/nscd -i group && /usr/bin/getent group
    But that didn't help; my users still got kicked off. I even ran it manually when we got disconnected, but that didn't allow us to authenticate.

    It wasn't until I logged into the WebGUI and forced a cache refresh that users were allowed to authenticate.

  • I'm afraid that didn't resolve the issue. Even running it manually generates output from AD, but doesn't permit OpenVPN authentication from AD.

    I have found that I have to refresh the cache on the WebGUI lets the AD Connector resume authentication.Could the nscd be involved in my issue?

  • Admin YouDecide

    OpenVPN dropping connections

    Lately our OpenVPN connections are dropping, and when the users go to reconnect they can't get past the login prompt.
    We have the Active Directory Connector installed and connected to the main DC.

    To resolve the issue, I have to open "System > Accounts > Users" and "System > Accounts > Groups" and wait for the list to populate, then Stop and Restart OpenVPN. Then the users can authenticate.

    Has anyone else had this issue?

    ====== Software Version ======

    ====== Message Logs ======
    === User logs in ===
    Mar 2 07:17:44 VPNSERVER openvpn[1183]: TLS: Username/Password authentication succeeded for username 'REMOTEUSER'

    === Begin error (nothing in log for prior 45 minutes) ==
    Mar 2 08:00:47 VPNSERVER openvpn[1183]: REMOTEUSER/ TLS: soft reset sec=1017 bytes=69159716/67108864 pkts=106513/0
    Mar 2 08:00:47 VPNSERVER openvpn[1183]: REMOTEUSER/ VERIFY OK: depth=1, C=US, L=Duluth, O=ClearOS, OU=DUL,, [email protected], O=YouDecide, ST=GA
    Mar 2 08:00:47 VPNSERVER openvpn[1183]: REMOTEUSER/ VERIFY OK: depth=0, C=US, ST=GA, L=Duluth, O=ClearOS, O=YouDecide, OU=DUL, CN=REMOTEUSER, [email protected]
    Mar 2 08:00:49 VPNSERVER openvpn[1183]: REMOTEUSER/ PLUGIN_CALL: POST /usr/lib64/openvpn/plugins/ status=1
    Mar 2 08:00:49 VPNSERVER openvpn[1183]: REMOTEUSER/ PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugins/
    Mar 2 08:00:49 VPNSERVER openvpn[1183]: REMOTEUSER/ TLS Auth Error: Auth Username/Password verification failed for peer
    Mar 2 08:00:49 VPNSERVER openvpn[1183]: REMOTEUSER/ Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Mar 2 08:01:47 VPNSERVER openvpn[1183]: REMOTEUSER/ TLS Error: local/remote TLS keys are out of sync: [AF_INET] (via [AF_INET] [1]

    === Clicking on Users & Groups to ennumerate the lists===
    Mar 2 08:06:59 VPNSERVER systemd: Starting Cleanup of Temporary Directories...
    Mar 2 08:06:59 VPNSERVER systemd: Started Cleanup of Temporary Directories.
    Mar 2 08:07:06 VPNSERVER clearsyncd[707]: System Events: Socket hang-up: 29
    Mar 2 08:07:06 VPNSERVER clearsyncd[707]: System Events: Socket hang-up: 29
    Mar 2 08:07:08 VPNSERVER webconfig: Redirecting to /bin/systemctl stop winbind.service
    Mar 2 08:07:08 VPNSERVER systemd: Stopping Samba Winbind Daemon...
    Mar 2 08:07:08 VPNSERVER systemd: Stopped Samba Winbind Daemon.
    Mar 2 08:07:08 VPNSERVER webconfig: Redirecting to /bin/systemctl start winbind.service
    Mar 2 08:07:08 VPNSERVER systemd: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid argument.
    Mar 2 08:07:08 VPNSERVER systemd: Starting Samba Winbind Daemon...
    Mar 2 08:07:08 VPNSERVER systemd: winbind.service: Supervising process 21616 which is not our child. We'll most likely not notice when it exits.
    Mar 2 08:07:08 VPNSERVER systemd: Started Samba Winbind Daemon.

    === Restrarting OpenVPN ===
    Mar 2 08:07:40 VPNSERVER systemd: Stopping OpenVPN Robust And Highly Flexible Tunneling Application On clients/tcp...
    Mar 2 08:07:40 VPNSERVER systemd: Stopped OpenVPN Robust And Highly Flexible Tunneling Application On clients.
    Mar 2 08:07:44 VPNSERVER systemd: Starting OpenVPN Robust And Highly Flexible Tunneling Application On clients/tcp...

    === User logs back in ===
    Mar 2 08:07:46 VPNSERVER openvpn[22173]: TLS: Username/Password authentication succeeded for username 'REMOTEUSER'

