On Mon, Mar 14, 2016 at 07:28:01AM -0700, Brad Bendy wrote: > HI, > > I have OTP setup and working just fine for logging into any servers, > when attempting to run any command with sudo I get a "First factor:" > prompt, I have entered my normal password but it fails. This only > happens when OTP is on, with OTP off sudo works like you would think.
This is a know issue, please see https://bugzilla.redhat.com/show_bug.cgi?id=1276868 for details. In case you use CentOS/RHEL7 you can find a test build at http://koji.fedoraproject.org/koji/taskinfo?taskID=13343842 . bye, Sumit > > The logs on the machine im trying to sudo show: > > Mar 14 08:23:13 ipatest audit: USER_AUTH pid=12495 uid=1818600003 > auid=1818600003 ses=8 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='op=PAM:authentication grantors=? acct="myusername" > exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=failed' > > Mar 14 08:23:13 ipatest audit: USER_CMD pid=12495 uid=1818600003 > auid=1818600003 ses=8 > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > msg='cwd="/" cmd="su" terminal=pts/0 res=failed' > > Which it not being much help at all, on the IPA server itself im > seeing nothing in the log when I run sudo, I do though when I login as > my normal user. > > Google appears to have zero results on this, any clues what else I can > check? Seems odd to me! > > Thanks > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project