[Freeipa-users] FreeOTP
Prashant Bapat
prashant at apigee.com
Tue Jun 7 14:56:34 UTC 2016
If this is TOTP (time based) you want to double check the time is properly
set in both the server (NTP) and the device that is generating the OTP
tokens. I have had issues with this with my users couple of times.
On 7 June 2016 at 19:43, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> On Tue, 07 Jun 2016, Winfried de Heiden wrote:
>
>> Hi all,
>> I tried the FreeIPA webUI, ssh and "su - otpuser", all the same result.
>>
> Ok.
>
> Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): AS_REQ
>> (6 etypes {18 17 16
>> 23 25 26}) 192.168.1.251: NEEDED_PREAUTH:
>> otpuser at BLABLA.BLA for krbtgt/
>> BLABLA.BLA at BLABLA.BLA, Additional pre-authentication
>> required
>> Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing
>> down fd 12
>> Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth
>> (otp) verify
>> failure: Connection timed out
>>
>> I just cannot figure out what's going wrong. What is trying
>> to connect to
>> causing this timeout? (yep, I disabled firewalld for
>> this...)
>>
> What is the output of systemctl status ipa-otpd.socket
> ?
>
> if it is disabled, do
>
> systemctl enable ipa-otpd.socket
> systemctl start ipa-otpd.socket
>
>
> --
> / Alexander Bokovoy
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160607/482ccbde/attachment.htm>
More information about the Freeipa-users
mailing list