On Thu, Aug 24, 2017 at 10:29:35AM -0400, Steve Weeks via FreeIPA-users wrote:
> We are running FreeIPA 4.4 on Centos 7 and trying to use radius
> Using radtest and radclient work fine and we can authenticate a user.
> The radius proxy and secret are set to match the values from radclient.
> The user has the radius check box checked and the other two fields set to
> appropriate values. hbactest shows that the user has permission for any
> When I do " su -l rsa-user", I'm requested for the first and second
> factors. After I enter them, I get "su: Authentication failure". Using a
> non-radius user works fine.
> The sssd_pam log has
> [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [17 (Failure setting
> user credentials)][idm.bbn.com]
> [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result :
> Failure setting user credentials.
> Unchecking the radius checkbox and the account works fine.
> Any ideas what to try or look at next?
I've never set up this configuration but I would look at the domain log
and krb5_child.log next.
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org