On a related point to this note - Duncan, did you try to run your setup with RPM version of FreeIPA? FreeIPA 4.2 is included both in RHEL-7.2 Beta or in Fedora 23 Beta updates-testing repo, so you can try the latest and greatest version there and thus find out if the problems you are seeing are specific to the containerization or rather a general issue.
On 09/22/2015 08:12 PM, Nathaniel McCallum wrote: > Running IPA in a container is very bleading edge. I would not be > surprised at all if you run into lots of problems. > > On Tue, 2015-09-22 at 12:10 -0600, Duncan McNaught wrote: >> Thanks Nathaniel, >> I am running with Jan's Centos-7 container and I'd like to have >> Multi-factor Authentication/2FA enabled. >> He mentioned that systemd is not running in the container, so I >> guess that explains why 2FA is failing. I wonder if I can get >> systemd running there. >> --Duncan >> >> >> Thanks >> --Duncan >> ____________________________ >> Duncan McNaught >> Infrastructure Engineer >> Technologies | www.bitnet.io >> +1 720 240 6575 >> >> On Tue, Sep 22, 2015 at 6:55 AM, Nathaniel McCallum <npmccallum@redha >> t.com> wrote: >>> On Mon, 2015-09-21 at 16:49 -0600, Duncan McNaught wrote: >>>> Dear freeipa-users, >>>> >>>> I'm having an issue with otp in freeipa. I can set up the >>> service as >>>> described in the blog post for TOTP or HOTP, and sync the token >>> fine. >>>> When I try to login to the admin tools or an ipa-managed client >>>> (with <password><token>) , I get a password incorrect message. >>>> Here are some more details: https://github.com/adelton/docker-fre >>> eipa >>>> /issues/34 >>>> Can anyone help me to debug/get this working? >>> >>> I'm very unclear as to what you are trying to do. Are you trying to >>> run FreeIPA in a container? If so, Jan is probably your man. AFAIK, >>> ipa-otpd will require systemd in the container. >>> >>> If you are trying to run this on CentOS 7.1 (not a container), it >>> seems to me that your LDAP server isn't running or something is >>> wrong >>> with ldapi. >>> >>> Can you explain your setup in more detail? >>> >>> Nathaniel >>> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project