So I configured Dante 1.4.2
(compiled it from source on Debian 8.7 which runs on MS Azure) and followed their official configuration guide to run my SOCKS5 server. I created a firewall rule to accept incoming connection on port 1080 tcp
. I used Mozilla Firefox to connect to it. It works fine when there is no authentication. However, I cannot connect when I set socksmethod: pam.username
. I'm also quite sure that Dante was compiled with pam support (build: libwrap mon-data mon-disconnect pam preload sess2
)
This is my /etc/sockd.conf
#logging
errorlog: /home/toto/Logs/sockd.errlog
logoutput: /home/toto/Logs/sockd.log
#debug: 1
# The listening network interface or address.
internal: eth0 port = 1080
# The proxying network interface or address.
external: eth0
#server identities (not needed on solaris)
user.privileged: root
user.notprivileged: nobody
#user.libwrap: libwrap
#reverse dns lookup
#srchost: nodnsmismatch
# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none
# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: pam.username
#standard client rule, accept all clients
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
socksmethod: pam.username
}
#outgoing traffic, requiring pam.username authentication, as specified
#in the global socksmethod.
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate
log: connect disconnect error
socksmethod: pam.username
}
Socks does not seems to bind to my internal address. The log file says: failed to bind internal addresses: Address already in use
The internal address is behind an NAT so that could be the problem.
If I remove bind
from config it starts but throws the message: block(1): tcp/accept ]: 199.217.115.228.9069 10.0.0.6.1080: error after reading 3 bytes in 0 seconds: client offered no acceptable authentication method
, these log entries continue (each with different address) until I end the server process.
Also my /etc/pam.d/sockd
account required pam_nologin.so
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_limits.so
Thank You!
Best Answer
I would check if you are sending your username and password when connecting.
it seems nothing was sent by the client.