Solved.
This turned out to be the ipa-otp process stuck on one of the 2 servers.
The VPN requests where being sent to the other server which was working fine

a simple restart of ipa fixed it.

Regards

On 28 February 2016 at 23:17, Alessandro De Maria <
alessandro.dema...@gmail.com> wrote:

> Hello,
>
> since I upgraded to 4.2.0 on Centos, OTPs do not seem to work anymore.
> Name        : ipa-server
> Version     : 4.2.0
> Release     : 15.el7_2.6
>
> The error I see in the
> Feb 28 23:01:40 id1 krb5kdc[2894](info): AS_REQ (6 etypes {18 17 16 23 25
> 26}) 10.0.1.10: NEEDED_PREAUTH: alessan...@xx.com for krbtgt/xx....@xx.com,
> Additional pre-authentication required
> Feb 28 23:01:41 id1.XX.com krb5kdc[2896](info): AS_REQ (6 etypes {18 17
> 16 23 25 26}) 10.0.1.10: PREAUTH_FAILED: alessan...@xx.com for krbtgt/
> xx....@xx.com, Incorrect password in encrypted challenge
>
> I tried syncing the OTP and also creating a new one.
> Strangely enough I can connect OK with the VPN supplying password + OTP,
> but OTP is not working on both freeipa gui and when issuing sudo.
>
> Could someone help me understand what is going on?
>
> Regards
> Alessandro
>
>
> --
> Alessandro De Maria
> alessandro.dema...@gmail.com
>



-- 
Alessandro De Maria
alessandro.dema...@gmail.com
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to