[Freeipa-users] OTP not working since upgrade
Simo Sorce
simo at redhat.com
Mon Feb 29 05:44:56 UTC 2016
On Mon, 2016-02-29 at 00:11 +0000, Alessandro De Maria wrote:
> Solved.
> This turned out to be the ipa-otp process stuck on one of the 2 servers.
> The VPN requests where being sent to the other server which was working fine
>
> a simple restart of ipa fixed it.
Do you have any logs that show any error from the ipa-otpd process
It would be nice to fix any issue it may have.
Simo.
> Regards
>
> On 28 February 2016 at 23:17, Alessandro De Maria <
> alessandro.demaria at gmail.com> wrote:
>
> > Hello,
> >
> > since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> > Name : ipa-server
> > Version : 4.2.0
> > Release : 15.el7_2.6
> >
> > The error I see in the
> > Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23 25
> > 26}) 10.0.1.10: NEEDED_PREAUTH: alessandro at XX.COM for krbtgt/XX.COM at XX.COM,
> > Additional pre-authentication required
> > Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18 17
> > 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: alessandro at XX.COM for krbtgt/
> > XX.COM at XX.COM, Incorrect password in encrypted challenge
> >
> > I tried syncing the OTP and also creating a new one.
> > Strangely enough I can connect OK with the VPN supplying password + OTP,
> > but OTP is not working on both freeipa gui and when issuing sudo.
> >
> > Could someone help me understand what is going on?
> >
> > Regards
> > Alessandro
> >
> >
> > --
> > Alessandro De Maria
> > alessandro.demaria at gmail.com
> >
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list