<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Hi all, I tried the FreeIPA webUI, ssh and "su - otpuser", all the same result. Winny <div class="moz-cite-prefix">Op 07-06-16 om 15:02 schreef Alexander Bokovoy: </div> <blockquote cite="mid:20160607130203.zyms26vj3bhztozz@redhat.com" type="cite">On Tue, 07 Jun 2016, Winfried de Heiden wrote: <blockquote type="cite">Hi all, I am trying to setup Freeipa with otp using the freeotp app. All looks fine, adding the user to the FreeOTP app also works fine. The users looks like: ipa user-show otpuser User login: otpuser First name: otp Last name: user Home directory: /home/otpuser Login shell: /bin/bash Email address: <a class="moz-txt-link-abbreviated" href="mailto:otpuser@blabla.bla">otpuser@blabla.bla</a> UID: 10011 GID: 10011 User authentication types: otp Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True However, trying to login in will fail; /var/log/krb5kdc.log will tell: Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.1.251: NEEDED_PREAUTH: <a class="moz-txt-link-abbreviated" href="mailto:otpuser@BLABLA.BLA">otpuser@BLABLA.BLA</a> for krbtgt/ <a class="moz-txt-link-abbreviated" href="mailto:BLABLA.BLA@BLABLA.BLA">BLABLA.BLA@BLABLA.BLA</a>, Additional pre-authentication required Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing down fd 12 Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth (otp) verify failure: Connection timed out I just cannot figure out what's going wrong. What is trying to connect to causing this timeout? (yep, I disabled firewalld for this...) </blockquote> How did you try to login? </blockquote> </body> </html>