No, neither HOTP works...


Op 07-06-16 om 17:09 schreef Prashant Bapat:
Do HOTP tokens work fine ?

On 7 June 2016 at 20:37, Winfried de Heiden <w...@dds.nl> wrote:

Hi all,


Yes I check that one also. The IPA-server is running ntp and is is sync. The FreeOTP app is running on my phone which is synced by network, all looks fine....


Forgot to mention; this IPA-server is running on Fedora ARM on a Bananapi. non-otp logins go well.


Winny




Op 07-06-16 om 16:56 schreef Prashant Bapat:
​If this is TOTP (time based) you want to double check the time is properly set in both the server (NTP) and the device that is generating the OTP tokens. I have had issues with this with my users couple of times. ​

On 7 June 2016 at 19:43, Alexander Bokovoy <aboko...@redhat.com> wrote:
On Tue, 07 Jun 2016, Winfried de Heiden wrote:
Hi all,
I tried the FreeIPA webUI, ssh and "su - otpuser", all the same result.
Ok.

         Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): AS_REQ
         (6 etypes {18 17 16
         23 25 26}) 192.168.1.251: NEEDED_PREAUTH:
         otpu...@blabla.bla for krbtgt/
         blabla....@blabla.bla, Additional pre-authentication
         required
         Jun 07 14:44:37 ipa.blabla.bla krb5kdc[5887](info): closing
         down fd 12
         Jun 07 14:44:42 ipa.blabla.bla krb5kdc[5888](info): preauth
         (otp) verify
         failure: Connection timed out

         I just cannot figure out what's going wrong. What is trying
         to connect to
         causing this timeout? (yep, I disabled firewalld for
         this...)
What is the output of  systemctl status ipa-otpd.socket
?

if it is disabled, do

 systemctl enable ipa-otpd.socket
 systemctl start ipa-otpd.socket


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project




-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to