<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Carlito">Hi all,</font></p>
<p><font face="Carlito"><br>
I am trying to setup Freeipa with otp using the freeotp app. All
looks fine, adding the user to the FreeOTP app also works fine.
The users looks like:</font></p>
<p><font face="Carlito">ipa user-show otpuser<br>
User login: otpuser<br>
First name: otp<br>
Last name: user<br>
Home directory: /home/otpuser<br>
Login shell: /bin/bash<br>
Email address: <a class="moz-txt-link-abbreviated" href="mailto:otpuser@blabla.bla">otpuser@blabla.bla</a><br>
UID: 10011<br>
GID: 10011<br>
User authentication types: otp<br>
Account disabled: False<br>
Password: True<br>
Member of groups: ipausers<br>
Kerberos keys available: True</font></p>
<p><font face="Carlito"><br>
However, trying to login in will fail; /var/log/krb5kdc.log will
tell:</font></p>
<p><font face="Carlito"><br>
</font></p>
<p><font face="Carlito">Jun 07 14:44:37 ipa.blabla.bla
krb5kdc[5887](info): AS_REQ (6 etypes {18 17 16 23 25 26})
192.168.1.251: NEEDED_PREAUTH: <a class="moz-txt-link-abbreviated" href="mailto:otpuser@BLABLA.BLA">otpuser@BLABLA.BLA</a> for
<a class="moz-txt-link-abbreviated" href="mailto:krbtgt/BLABLA.BLA@BLABLA.BLA">krbtgt/BLABLA.BLA@BLABLA.BLA</a>, Additional pre-authentication
required<br>
Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing down
fd 12<br>
Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth
(otp) verify failure: Connection timed out<br>
</font></p>
<p><br>
</p>
<p><font face="Carlito">I just cannot figure out what's going wrong.
What is trying to connect to causing this timeout? (yep, I
disabled firewalld for this...)</font></p>
<p><font face="Carlito"><br>
</font></p>
<p><font face="Carlito">Winny</font></p>
<p><font face="Carlito"></font><br>
<font face="Carlito"></font></p>
</body>
</html>