On Thu, Aug 24, 2017 at 10:29:35AM -0400, Steve Weeks via FreeIPA-users wrote:
> We are running FreeIPA 4.4 on Centos 7 and trying to use radius
> authentication.
> Using radtest and radclient work fine and we can authenticate a user.
> The radius proxy and secret are set to match the values from radclient.
> The user has the radius check box checked and the other two fields set to
> appropriate values. hbactest shows that the user has permission for any
> host.
> When I do " su -l rsa-user", I'm requested for the first and second
> factors.  After I enter them, I get "su: Authentication failure".  Using a
> non-radius user works fine.
> The sssd_pam log has
> [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [17 (Failure setting
> user credentials)][idm.bbn.com]
> [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [17]:
> Failure setting user credentials.
> Unchecking the radius checkbox and the account works fine.
> Any ideas what to try or look at next?

I've never set up this configuration but I would look at the domain log
and krb5_child.log next.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to