[Freeipa-users] FreeOTP
Alexander Bokovoy
abokovoy at redhat.com
Tue Jun 7 13:02:03 UTC 2016
On Tue, 07 Jun 2016, Winfried de Heiden wrote:
>Hi all,
>
>I am trying to setup Freeipa with otp using the freeotp app. All looks fine,
>adding the user to the FreeOTP app also works fine. The users looks like:
>ipa user-show otpuser
> User login: otpuser
> First name: otp
> Last name: user
> Home directory: /home/otpuser
> Login shell: /bin/bash
> Email address: otpuser at blabla.bla
> UID: 10011
> GID: 10011
> User authentication types: otp
> Account disabled: False
> Password: True
> Member of groups: ipausers
> Kerberos keys available: True
>
>However, trying to login in will fail; /var/log/krb5kdc.log will tell:
>
>Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): AS_REQ (6 etypes {18 17 16
>23 25 26}) 192.168.1.251: NEEDED_PREAUTH: otpuser at BLABLA.BLA for krbtgt/
>BLABLA.BLA at BLABLA.BLA, Additional pre-authentication required
>Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing down fd 12
>Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth (otp) verify
>failure: Connection timed out
>
>I just cannot figure out what's going wrong. What is trying to connect to
>causing this timeout? (yep, I disabled firewalld for this...)
How did you try to login?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list