[Freeipa-users] FreeOTP

Prashant Bapat prashant at apigee.com
Tue Jun 7 15:09:44 UTC 2016 

Do HOTP tokens work fine ?

On 7 June 2016 at 20:37, Winfried de Heiden <wdh at dds.nl> wrote:

> Hi all,
>
>
> Yes I check that one also. The IPA-server is running ntp and is is sync.
> The FreeOTP app is running on my phone which is synced by network, all
> looks fine....
>
>
> Forgot to mention; this IPA-server is running on Fedora ARM on a Bananapi.
> non-otp logins go well.
>
>
> Winny
>
>
>
>
> Op 07-06-16 om 16:56 schreef Prashant Bapat:
>
> ​If this is TOTP (time based) you want to double check the time is
> properly set in both the server (NTP) and the device that is generating the
> OTP tokens. I have had issues with this with my users couple of times. ​
>
> On 7 June 2016 at 19:43, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>
>> On Tue, 07 Jun 2016, Winfried de Heiden wrote:
>>
>>> Hi all,
>>> I tried the FreeIPA webUI, ssh and "su - otpuser", all the same result.
>>>
>> Ok.
>>
>>          Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): AS_REQ
>>>          (6 etypes {18 17 16
>>>          23 25 26}) 192.168.1.251: NEEDED_PREAUTH:
>>>          otpuser at BLABLA.BLA for krbtgt/
>>>          BLABLA.BLA at BLABLA.BLA, Additional pre-authentication
>>>          required
>>>          Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing
>>>          down fd 12
>>>          Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth
>>>          (otp) verify
>>>          failure: Connection timed out
>>>
>>>          I just cannot figure out what's going wrong. What is trying
>>>          to connect to
>>>          causing this timeout? (yep, I disabled firewalld for
>>>          this...)
>>>
>> What is the output of  systemctl status ipa-otpd.socket
>> ?
>>
>> if it is disabled, do
>>
>>  systemctl enable ipa-otpd.socket
>>  systemctl start ipa-otpd.socket
>>
>>
>> --
>> / Alexander Bokovoy
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160607/c84a2b0a/attachment.htm>

More information about the Freeipa-users mailing list