After doing some more trial and error I got it it to work.

Take the 20 byte secret key, remove the spaces and convert to base 32.
Also disable OATH Token Identifier in the YubiKey tool.

I used this tool to convert it

Then take that base32 value and insert into the secret field on
FreeIPA add token screen and your good to go, I used sha1 for

On Sat, Mar 12, 2016 at 8:47 AM, Brad Bendy <> wrote:
> Hi,
> YubiKey supports HOTP it appears, but im having a heck of a time
> getting the token to add FreeIPA. The YubiKey tool gives me the OATH
> Token which is 6 bytes and the secret key in 20 bytes hex. Ive entered
> the secret key and OATH token into the "key" field, ive tried all
> algorithms and get the error of "invalid 'ipatokenotpkey': Non-base32
> digit found"
> Am I missing something? Or is this just not possible at all? I can't
> find any documentation on Google saying how to set these up.
> Thanks!

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to