[Freeipa-users] Why OTP not working
Andrey Dudin
dudin.andrey at gmail.com
Tue May 16 19:51:52 UTC 2017
Hello all.
I am trying to use OTP auth in FreeIPA but have some problems.
I have a user *test:*
[root@ipa-centos]# ipa user-show test
User login: test
First name: test
Last name: test
Home directory: /home/test
Login shell: /bin/sh
Principal name: test@MYDOMAIN.COM
Principal alias: test@MYDOMAIN.COM
Email address: test@mydomain.com
UID: 152200001
GID: 152200001
Account disabled: False
Password: True
Member of groups: trust admins, ipausers, admins
Kerberos keys available: True
And his token:
[root@ipa-centos]# ipa otptoken-show 7fa47f65-dc72-486e-8dd4-6393c7e389bd
Unique ID: 7fa47f65-dc72-486e-8dd4-6393c7e389bd
Type: TOTP
Owner: test
Manager: test
Server with FreeIPA:
[root@ipa-centos]# ipa host-show ipa-centos.mydomain.com
Host name: ipa-centos.mydomain.com
Principal name: host/ipa-centos.mydomain.com@MYDOMAIN.COM
Principal alias: host/ipa-centos.mydomain.com@MYDOMAIN.COM
SSH public key fingerprint: %some fingerprints%
Authentication Indicators: otp
Password: False
Member of host-groups: ipaservers
Keytab: True
Managed by: ipa-centos.mydomain.com
And the service for FreeIPA HTTP by default:
[root@ipa-centos]# ipa service-show http/ipa-centos.mydomain.com
Principal name: HTTP/ipa-centos.mydomain.com@MYDOMAIN.COM
Principal alias: HTTP/ipa-centos.mydomain.com@MYDOMAIN.COM
Certificate: %cert%
Subject: CN=ipa-centos.mydomain.com,O=MYDOMAIN.COM
Serial Number: 9
Serial Number (hex): 0x9
Issuer: CN=Certificate Authority,O=MYDOMAIN.COM
Not Before: Tue May 16 11:32:36 2017 UTC
Not After: Fri May 17 11:32:36 2019 UTC
Fingerprint (MD5): e8:76:3b:a7:94:37:2e:e1:c8:ed:a1:87:38:16:65:e1
Fingerprint (SHA1): de:65:18:38:23:5e:8a:0d:49:2c:eb:de:64:0a:61:eb:61:bd:ea:04
Authentication Indicators: otp
Keytab: True
Managed by: ipa-centos.mydomain.com
As you can see, all properties for OTP auth in the FreeIPA web interface are
applied, but I can log in to the web interface only using a password; if I try
logging in with password+otptoken I get an error.
What's wrong?
[root@ipa-centos]# ipa --version
VERSION: 4.4.0, API_VERSION: 2.213
[root@ipa-centos]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"