We are running FreeIPA 4.4 on Centos 7 and trying to use radius
authentication.

Using radtest and radclient work fine and we can authenticate a user.

The radius proxy and secret are set to match the values from radclient.
The user has the radius check box checked and the other two fields set to
appropriate values. hbactest shows that the user has permission for any
host.

When I do " su -l rsa-user", I'm requested for the first and second
factors.  After I enter them, I get "su: Authentication failure".  Using a
non-radius user works fine.

The sssd_pam log has

[sssd[pam]] [pam_dp_process_reply] (0x0200): received: [17 (Failure setting
user credentials)][idm.bbn.com]
[sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [17]:
Failure setting user credentials.

Unchecking the radius checkbox and the account works fine.

Any ideas what to try or look at next?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to