Hi all,


I am trying to setup Freeipa with otp using the freeotp app. All looks fine, adding the user to the FreeOTP app also works fine. The users looks like:

ipa user-show otpuser
  User login: otpuser
  First name: otp
  Last name: user
  Home directory: /home/otpuser
  Login shell: /bin/bash
  Email address: otpu...@blabla.bla
  UID: 10011
  GID: 10011
  User authentication types: otp
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True


However, trying to login in will fail; /var/log/krb5kdc.log will tell:


Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.1.251: NEEDED_PREAUTH: otpu...@blabla.bla for krbtgt/blabla....@blabla.bla, Additional pre-authentication required
Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing down fd 12
Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth (otp) verify failure: Connection timed out


I just cannot figure out what's going wrong. What is trying to connect to causing this timeout? (yep, I disabled firewalld for this...)


Winny


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to